WebApp Sec mailing list archives
Re: Web Site Certification
From: "Dean H. Saxe" <dean () fullfrontalnerdity com>
Date: Thu, 27 Apr 2006 09:43:42 -0400
Don't waste your time or money. Check out some of the shopping sites that are "Hacker Safe" and you'll easily identify authorization flaws which are easily taken advantage of, such as storing the price of an item in a hidden form field.
I'm guessing that they just scan the system with some automated tools like nikto to look for any obvious issues. But the code itself may still be insecure.
-dhs

Dean H. Saxe, CEH
dean () fullfrontalnerdity com

"To announce that there must be no criticism of the president, or that we are to stand by the president right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public."
-- Theodore Roosevelt

Find out about my Hike for Discovery at www.fullfrontalnerdity.com/hfd

On Apr 27, 2006, at 5:16 AM, Marco Passarella wrote:

> Hi all,
> what do you think about the remote services that promise your site to be "hacker free"?
> Can you really monitor remotely the security of a site using a scanner?
> Here is an example: http://www.scanalert.com/
> Thanks,
> Mark
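The hidden-price flaw mentioned in the message above, shown beside a server-side fix, as an added example that is not part of the original post or any site's real code. The catalog, SKUs, field names and function names are all assumptions made up for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalog: the server-side source of truth for prices.
CATALOG = {"sku-1001": Decimal("49.99"), "sku-2002": Decimal("5.00")}

def total_trusting_form(form):
    """Flawed handler: charges whatever price the browser sent back
    in the hidden form field."""
    return Decimal(form["price"]) * int(form["qty"])

def total_from_catalog(form):
    """Hardened handler: ignores the submitted price, looks the item up
    by SKU on the server, and validates the quantity."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown item")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("bad quantity")
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return CATALOG[sku] * qty

def price_mismatch(form):
    """Detection hook: True when the submitted price is missing, malformed,
    or differs from the catalog, which is worth logging as tampering."""
    try:
        submitted = Decimal(form.get("price", ""))
    except InvalidOperation:
        return True
    return submitted != CATALOG.get(form.get("sku"))

# Constructed form submissions: one unmodified, one with the hidden field edited.
HONEST = {"sku": "sku-1001", "qty": "2", "price": "49.99"}
TAMPERED = {"sku": "sku-1001", "qty": "2", "price": "0.01"}

if __name__ == "__main__":
    print("flawed total:  ", total_trusting_form(TAMPERED))
    print("hardened total:", total_from_catalog(TAMPERED))
    print("tamper flagged:", price_mismatch(TAMPERED))
```

A signature-based scanner sees a normal form and a normal 200 response in both cases, which is why this class of flaw needs code review or manual testing to find.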