WebApp Sec mailing list archives

Re: Web Site Certification

From: "Dean H. Saxe" <dean () fullfrontalnerdity com>
Date: Thu, 27 Apr 2006 09:43:42 -0400

Don't waste your time or money. Check out some of the shopping sitesthat are "Hacker Safe" and you'll easily identify authorization flawswhich are easily taken advantage of, such as storing the price of anitem in a hidden form field.

I'm guessing that they just scan the system with some automated toolslike nikto to look for any obvious issues. But the code itself maystill be insecure.


-dhs

Dean H. Saxe, CEH
dean () fullfrontalnerdity com

"To announce that there must be no criticism of the president, orthat we are to stand by the president right or wrong, is not onlyunpatriotic and servile, but is morally treasonable to the Americanpublic."

    -- Theodore Roosevelt

Find out about my Hike for Discovery at www.fullfrontalnerdity.com/hfd


On Apr 27, 2006, at 5:16 AM, Marco Passarella wrote:

Hi all,
what do you think about the remote services that promise your site to
be "hacker free"?
Can you really monitor remotely the security of a site using ascanner?
Here is an example:
http://www.scanalert.com/

Thanks,
Mark
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading webapplication
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. Change the wayyou
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF--------------------------------------------------------------------------



-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web applicationsecurity testing suite, and the only solution to provide comprehensiveremediation tasks at every level of the application. Change the way youthink about application security testing - See for yourself.Download a Free Trial of AppScan 6.0 today!


https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------

Current thread:

Web Site Certification Marco Passarella (Apr 27)
- Re: Web Site Certification Dean H. Saxe (Apr 27)
- Re: Web Site Certification Nathaniel Hall (Apr 27)
- <Possible follow-ups>
- RE: Web Site Certification Craig Wright (Apr 27)
- RE: Web Site Certification Craig Wright (Apr 27)
- RE: Web Site Certification Adam Mikrut (Apr 27)
  - Re: Web Site Certification Adam Tuliper (Apr 28)
- Re: Web Site Certification Admin Dbtech (Apr 27)
- Re: Web Site Certification ROB DIXON (Apr 27)
- RE: Web Site Certification ROB DIXON (May 01)