Probably the first thing I do when I come across a web app is try to get to places that I should not be. For example, I just got hired on a development team for a web application. Being a new hire, I didn't have a username or password for the web app, and the web app is such that you need a username and password to get anywhere in the application. So I poked around... I found a JavaScript file that has some window.open methods for popup windows. So I took the URLs that those window.open methods open, put them in the web browser, and it turns out that they left out the block of authorization code on some pages! So I was given access to pages without a username and password! And on these pages, I was able to read, update, and delete data. Moral of the story: poke around, you will have to do things manually.
Every web app is very different; it's not like network pen testing. It takes actual manual testing and web knowledge to get anywhere in a web app pen test. Understand how Ajax works, understand cookies, understand what a SQL authentication query most likely looks like.

On Sat, Jun 6, 2009 at 11:55 AM, <[email protected]> wrote:
> Hello All:
>
> I am tasked with doing a basic web app pentest of a server that we are about to give external users access to.
>
> Background:
>
> I work for a university: no security department, no budget to hire an auditor.
>
> We are about to put one of our training servers on our DMZ so that Faculty and Staff members can access it from home for Microsoft and other application video tutorials.
>
> Since my boss is aware that I am interested in infosec, I was given the green light to test the app/server and report back anything that can aid in locking it down.
>
> Question:
>
> Since there are so many tools and ways to go about this, I would like to know how others go about a web app pentest; you don't have to give away any trade secrets :)-.
>
> I am just looking for an efficient way to go about this!
>
> Specs:
>
> OS: Windows 2003 running in VMware ESX 3.5.
>
> Application: Training package, with a bundled Windows version of a LAMP setup.
>
> Access Method: http.
>
> Thanks in advance.
> Sent from my Verizon Wireless BlackBerry
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
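The bug class in the reply above (popup pages referenced from client-side JavaScript that were shipped without their authorization block) can be turned into a regression check a dev team runs before release. This is an added example, not code from the list post: it pulls the literal targets out of window.open() calls and verifies that an anonymous client is redirected to the login page instead of getting a 200. The sample script, the paths, the host app.example and the simulated fetcher are all constructed for the example.

```python
import re
from typing import Callable, List, Tuple
from urllib.parse import urljoin

# Constructed sample script in the style described in the post (hypothetical paths).
SAMPLE_JS = """
function showRecord(id) { window.open('/records/edit.php?id=' + id, 'rec'); }
function showReport()   { window.open("/reports/summary.php", "rpt"); }
function help()         { window.open('/help/index.html'); }
"""

# Matches the quoted literal that is the first argument of window.open(...).
WINDOW_OPEN = re.compile(r"""window\.open\(\s*(['"])([^'"]+)\1""")

def extract_window_open_urls(js_source: str) -> List[str]:
    """Return the literal first argument of every window.open() call."""
    return [m.group(2) for m in WINDOW_OPEN.finditer(js_source)]

# A fetcher takes an absolute URL and returns (status_code, final_url_after_redirects).
# Injecting it keeps the check runnable offline; in real use it wraps an HTTP client
# that carries no session cookie.
Fetcher = Callable[[str], Tuple[int, str]]

def find_unprotected(base: str, paths: List[str], fetch: Fetcher,
                     login_path: str = "/login.php") -> List[str]:
    """Flag targets that serve content (200) to an anonymous client instead of
    bouncing it to the login page or answering 401/403."""
    findings = []
    for path in paths:
        status, final_url = fetch(urljoin(base, path))
        if status == 200 and not final_url.endswith(login_path):
            findings.append(path)
    return findings

# Constructed simulation of the app: one page forgot its authorization block.
def simulated_anonymous_fetch(url: str) -> Tuple[int, str]:
    if "/records/edit.php" in url:
        return (200, url)                                  # the bug: no auth check
    if "/reports/summary.php" in url:
        return (302, "http://app.example/login.php")       # correctly redirected
    return (200, url)                                      # /help is meant to be public

PUBLIC_PATHS = {"/help/index.html"}

def audit(js_source: str = SAMPLE_JS, fetch: Fetcher = simulated_anonymous_fetch) -> List[str]:
    """Run the check over one script; returns the paths that leak to anonymous users."""
    targets = [p for p in extract_window_open_urls(js_source) if p not in PUBLIC_PATHS]
    return find_unprotected("http://app.example", targets, fetch)

if __name__ == "__main__":
    for path in audit():
        print("anonymous access allowed:", path)
```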
