Re: Testing Middleware Application

From: Mervyn (barcajaxgmail.com)
Date: Tue Jul 07 2009 - 12:40:12 CDT


You already mentioned the obvious! XML over HTTP. Opportunity to sniff
and manipulate the traffic.

On Tue, Jul 7, 2009 at 12:17 PM, Anant Iyer<iyer.anant.rgmail.com> wrote:
> Hello,
>
> We have a middleware application to be pen-tested for security
> bugs. The application serves requests from various front-end systems
> (XML over HTTP) and depending on these requests, retrieves the data
> from various back-end repositories.
> The development team has built a front-end just for testing
> (functional) this application in the UAT environment. In such a
> scenario, I need some pointers on how I should perform the pentest of
> this middleware application.
>
> Regards,
>
> Anant Iyer
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------