Where to begin. Imagine all of the attack vectors and there is heaps of info out there on each one. How does the client store configuration data? What's hard coded into the program itself (strings -a client.exe)? Do you have the source code? Is data secure in transit? Where are trust and privilege defined and enforced? Is there SQL code embedded in the client? What DLLs is it loading?
You could cover everything from code review and static analysis to reverse engineering. Look up all of those topics, no one vector is the be all and end all. Combined together the body of knowledge allows you to build attacks like Lego and get further than any one topic will take you.

Regards,
Jim

On 2 May 2013 00:57, Ryan B <[email protected]> wrote:
> Hey Guys,
>
> Can anyone provide some good resources to learn more about Application
> Security Testing.
>
> This is more the old Client/Server Applications such
> as front-end Application (C#, C++, VB) and a Database
> Server back-end (Oracle, MSSQL).
>
> Things I can think of off the top of my head are traffic analysis, connect
> strings in config files and vulnerability scanning the database server.
>
> If you have any resources or software recommendations I can learn more
> from, that would be awesome.
>
> Cheers
>
> Ryan
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
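An added example, not part of either message: a review script for a client binary you own that covers two of the questions raised in the thread (hard-coded strings and embedded SQL or connect strings). It also scans UTF-16LE, which is how C# string literals are stored and which a plain ASCII pass does not show. The regexes and the sample bytes are assumptions constructed for illustration.

```python
import re

# Assumed patterns (not from the thread): connection-string keys and SQL verbs.
CONN_RE = re.compile(
    r"(?i)\b(?:data source|server|initial catalog|user id|uid|password|pwd)"
    r"\s*=\s*[^;]+;")
SQL_RE = re.compile(
    r"(?i)\b(?:select\s.+?\sfrom|insert\s+into|update\s.+?\sset|delete\s+from)\b")
SECRET_RE = re.compile(r"(?i)\b(password|pwd)\s*=\s*[^;]*")


def extract_strings(data: bytes, min_len: int = 6):
    """Yield (encoding, text) for printable runs in ASCII and in UTF-16LE."""
    ascii_run = rb"[\x20-\x7e]{%d,}" % min_len
    utf16_run = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    for m in re.finditer(ascii_run, data):
        yield "ascii", m.group().decode("ascii")
    for m in re.finditer(utf16_run, data):
        yield "utf-16le", m.group().decode("utf-16-le")


def redact(text: str) -> str:
    """Keep the finding reportable without copying the secret into the report."""
    return SECRET_RE.sub(r"\1=<redacted>", text)


def audit(data: bytes):
    """Return (kind, encoding, text) for strings that should not ship in a client."""
    findings = []
    for enc, text in extract_strings(data):
        if CONN_RE.search(text):
            findings.append(("connection-string", enc, redact(text)))
        elif SQL_RE.search(text):
            findings.append(("embedded-sql", enc, text))
    return findings


# Constructed sample standing in for client.exe contents (not a real binary).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"Data Source=db01;Initial Catalog=Orders;User Id=app;Password=example;"
    + b"\x00\x01\x02"
    + "SELECT name FROM customers WHERE id = ".encode("utf-16-le")
    + b"\x00\x00\xff"
    + b"kernel32.dll\x00"
)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To run it against a real file, pass open(path, "rb").read() to audit(); each finding is a candidate for moving the query or credential to the server side.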
