Client side can be interesting, if you are just curious and playing around.

Think tools like API Monitor, Procmon, or oSpy... along those lines can help
in inspecting/analysis. OllyDbg, BinNavi, IDA, or Immunity Debugger can be
used for inspecting deeper.

Like Jim said, you can take it pretty far...

On Thu, May 2, 2013 at 2:23 AM, Jim Halfpenny <[email protected]> wrote:

> Where to begin. Imagine all of the attack vectors and there is heaps of
> info out there on each one. How does the client store configuration data?
> What's hard coded into the program itself (strings -a client.exe)? Do you
> have the source code? Is data secure in transit? Where are trust and
> privilege defined and enforced? Is there SQL code embedded in the client?
> What DLLs is it loading?
>
> You could cover everything from code review and static analysis to
> reverse engineering. Look up all of those topics, no one vector is the
> be-all and end-all. Combined together the body of knowledge allows you to
> build attacks like lego and get further than any one topic will take you.
>
> Regards,
> Jim
>
>
> On 2 May 2013 00:57, Ryan B <[email protected]> wrote:
>
>> Hey Guys,
>>
>> Can anyone provide some good resources to learn more about Application
>> Security Testing?
>>
>> This is more the old Client/Server Applications such
>> as front-end Application (C#, C++, VB) and a Database
>> Server back-end (Oracle, MSSQL).
>>
>> Things I can think of off the top of my head are traffic analysis, connect
>> strings in config files and vulnerability scanning the database server.
>>
>> If you have any resources or software recommendations I can learn more
>> from, that would be awesome.
>>
>> Cheers
>>
>> Ryan
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>