Hi Henning
From the technical aspect, I agree with you. But non-technical people
don't see (or understand) that :-( I wish I had time to sit down and
find out how to exploit the webapp. I tried to bring in a company to do
penetration testing, but I was refused the budget for it.
I can't fix the problem completely, but I can put measures in place
that will reduce the problem to an acceptable level.
TIA
Paolo
Henning Brauer wrote:
> * Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 16:43]:
>> 1. Fixing the code is impossible :-( I already tried it, the developers
>> keep saying that their code is sound and safe. I've shown logs and
>> statistics to the bosses of the company that owns the webapp, but the
>> only response I got was: "fix it" (they aren't making the connection
>> between the webapp and the spam emails). The only thing I can do to
>> prove my point is exploit the webapp in front of them, but I don't know
>> how to do that.
>
> then you should obviously find out how to do the latter.
> you cannot fix this problem without fixing the buggy application.