WebApp Sec mailing list archives

Penetration Testing Report - Sample Report


From: "Ofer Maor" <ofer () imperva com>
Date: Tue, 23 Mar 2004 10:38:13 +0200

Dear WebAppSec List,

Imperva(tm)'s Application Defense Center (formerly WebCohort Research)
has released a new paper.

This paper demonstrates a real Application Penetration Testing Report,
as should be provided at the end of an application penetration test.
The penetration test was performed on a sample e-commerce application
named SuperVeda, developed by Imperva(tm) for demonstration, testing and
training purposes. At the end of the penetration test, a report was
written, as if the site belonged to a real customer.

This paper can be interesting both for technical and non-technical
audiences. IT/Security personnel can use it to get an idea of what they
will be receiving at the end of an Application Penetration Test.
Technical people can use this paper to gain a better understanding of the
vulnerabilities found in modern web applications, as they present
themselves in a real-world application.

Some of the vulnerabilities presented in this paper:
   - SQL Injection
   - Unauthorized Access to Accounts
   - Cross Site Scripting
   - Parameter Tampering
   - Forceful Browsing
   - Cookie Poisoning

The sample report was written by Moran Surf, an Application Security
Expert in Imperva(tm)'s Application Defense Center.

The paper can be found at:
http://www.imperva.com/application_defense_center/white_papers/default.asp?show=pentest

---
Imperva(tm)'s Application Defense Center <adc imperva com>
http://www.imperva.com/adc
