From: Mark Curphey (markcurphey.com)
Date: Sun Jan 13 2002 - 00:05:59 CST

    I think there are a few obvious things we could also add

    Known containers for applications

    /cgi-bin
    /servlet

    And then there's WSDL - this is exactly what it does ;-)

    File extensions - .pl, .asp, .jsp, etc.

    If the application is passing cookies then there is an application at the
    other end processing them. It may be the servlet session context or ASP
    equiv but there's an application behind it.

    Anywhere where there's a form in HTML.

    Any static link with ? in it.

    -----Original Message-----
    From: James Fleming [mailto:jamesfleming94588yahoo.com]
    Sent: Friday, January 11, 2002 4:17 PM
    To: webappsecsecurityfocus.com
    Subject: Re: RE : OWASP : What to test?

    I'm thinking about it, it's pretty simple... anywhere
    where input is passed.

    Anywhere where there is input to the application
    --- c c <cesarc56yahoo.com> wrote:
    > I think that a good starting point is to gather
    > information about the OS, webserver, web applications
    > and database servers. E.g.: looking at the HTTP headers,
    > cookies, error messages, server extensions, CGIs, etc.
    > Just telling some ideas.
    >
    >
    > Cesar Cerrudo.
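
The entry-point heuristics listed in this thread (known containers, file extensions, cookies, HTML forms, links containing `?`), written as an inventory pass over one response from an application you are preparing to test. This is an added example, not code from the thread; the function names and the sample response are constructed for illustration, and WSDL is not covered.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

CONTAINERS = ("/cgi-bin/", "/servlet/")   # containers named in the thread
EXTENSIONS = (".pl", ".asp", ".jsp")      # extensions named in the thread

def classify_url(url):
    """Return the thread's heuristics a URL matches; [] means it looks static."""
    path = urlsplit(url).path.lower()
    reasons = []
    if any(c in path + "/" for c in CONTAINERS):
        reasons.append("container")
    if path.endswith(EXTENSIONS):
        reasons.append("extension")
    if "?" in url:
        reasons.append("query")
    return reasons

class _Finder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.items, self._fields = [], None   # _fields: field list of the open form
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and classify_url(a.get("href") or ""):
            self.items.append(("link", a["href"], classify_url(a["href"])))
        elif tag == "form":
            self._fields = []
            self.items.append(("form", a.get("action") or "", self._fields))
        elif tag in ("input", "select", "textarea") and self._fields is not None and a.get("name"):
            self._fields.append(a["name"])     # only named fields are submitted
    def handle_endtag(self, tag):
        if tag == "form":
            self._fields = None

def inventory(headers, html):
    """Entry points for one response: cookies set, dynamic links, forms."""
    finder = _Finder()
    finder.feed(html)
    cookies = [("cookie", v.split("=", 1)[0].strip(), ["set-cookie"])
               for k, v in headers if k.lower() == "set-cookie"]
    return cookies + finder.items

# Constructed sample response, not taken from any real site.
SAMPLE_HEADERS = [("Set-Cookie", "JSESSIONID=abc123; Path=/")]
SAMPLE_HTML = """<a href="/about.html">About</a> <a href="/news/item?id=7">News</a>
<a href="/cgi-bin/search.pl?q=test">Search</a>
<form action="/servlet/Login" method="post">
<input name="user"><input name="pass" type="password"><input type="submit"></form>"""
```

Calling `inventory(SAMPLE_HEADERS, SAMPLE_HTML)` returns one tuple per entry point, which can seed the list of inputs a test plan has to cover.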