WebApp Sec mailing list archives
Re: Web Application Security Testing Procedures
From: "Adam Tuliper" <amt () gecko-software com>
Date: Thu, 30 Dec 2004 12:00:10 -0500
From a high level to start:
-Cross site scripting
-Data input validation attacks (overflows, SQL injection, etc.)
-Check and validate all form/querystring/cookie values, as well as making sure your data is cleaned up and invalid characters/strings are removed.
-Banner/error message revealing - can information be retrieved that helps an attacker attack your application better?
-Denial of service possibilities stemming from any of the above, as well as DoS from repeated requests that take a while to process (if any exist in the app).
.. .. ..

On Tue, 28 Dec 2004 12:05:49 -0500 Lecia McCalla <lmccalla () fsl org jm> wrote:
Hi All,

I am currently researching Web application security with the ultimate goal of preparing a Web Applications Security Testing Procedures Document. However, since I'm a novice in the field, I'm requesting some assistance from the group.

Please provide suggestions and/or guidelines as to what should be considered when testing security for web applications.

Regards,
Lecia McCalla
Business Analyst - Quality Management
Fiscal Services Limited
Mailto:lmccalla () fsl org jm
Tel: (876)927-1125-8 Extn 3815
Fax: (876)927-1810