WebApp Sec mailing list archives
Purple Paper: Exegesis Of Virtual Hosts Hacking
From: pagvac <unknown.pentester () gmail com>
Date: Thu, 9 Mar 2006 21:00:38 +0000
First paper written on the topic of virtual hosts hacking. It covers basic skills such as passive discovery techniques and (almost) stealth active discovery techniques. It also presents possible scenarios of exploitation. The message behind this paper is: - do *not* host your organization's website on your corporate network - do *not* use shared web hosting For details on why we recommend the two previous practices we suggest reading the paper. Finally a survey on UK penetration testing companies is provided which shows which companies follow the two previous principles. Note: the intended audience is *web application penetration testers*. -- Petko Petkov and pagvac [www.gnucitizen.org], [www.ikwt.com] ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=70130000000BxQ1 --------------------------------------------------------------------------
Current thread:
- Purple Paper: Exegesis Of Virtual Hosts Hacking pagvac (Mar 09)