 
RE: webapp dependencies

From: Ryan C. Barnett (rcbarnetthushmail.com)
Date: Wed Apr 20 2005 - 07:59:16 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You could use something like SNARE
(http://www.intersectalliance.com/) and have it log all file
opens/reads for the web server account user.

I have run this previously to help identify files needed for
chrooting.

Ryan C. Barnett
Web Application Security Consortium (WASC) Member
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GCUX, GSEC

On Tue, 19 Apr 2005 23:13:03 -0700 Matt Fisher
<mfisherspidynamics.com> wrote:
>That's not a bad idea. Capturing at a lower level would indeed
>give more details. I don't think I've ever used strace. Would the
>output be relatively clean? I.e., not too much work to filter the
>wheat from the chaff?
>
>
>
>> -----Original Message-----
>> From: Amit Klein (AKsecurity) [mailto:aksecurityhotpop.com]
>> Sent: Wednesday, April 20, 2005 2:27 AM
>> To: Ory Segal; Jarmon, Don R; webappsecsecurityfocus.com; Matt Fisher
>> Cc: wasc-technicalwebappsec.org
>> Subject: RE: webapp dependencies
>>
>> On 19 Apr 2005 at 23:21, Matt Fisher wrote:
>>
>> >
>> > I'd really be interested in hearing about it if anyone finds
>> > a good tool / technique but at this point I really don't see
>> > how it could be sufficiently performed from any client sided
>> > product such as crawlers, scanners, accessibility testers etc.
>> >
>>
>> I'd take quite a different approach. At runtime, attach to the
>> web process at a low level (kernel?), e.g. strace, and log
>> access to files. Then use a crawler to enumerate (to the
>> extent possible) all flows through the app. This should give
>> you the list of files accessed by the web server process
>> (there are many details to be ironed out, such as server
>> caching, spawning new processes, etc. but I believe it's doable).
>>
>> In the above example, once you make a hit on the page.asp,
>> strace would first show the web process to read page.asp, and
>> immediately thereafter page1.html.
>>
>> -Amit
>>
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkJmUiQACgkQ0C5r6NXO9mLlqwCdEvgMcY2J7jaWyQmbUeQ+e9LcHFwA
niXHdvCA2mxZiyDcp1ByUMrWW+di
=yQxz
-----END PGP SIGNATURE-----
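The approach Amit and Ryan describe (trace the web server's file opens at the syscall level, drive the application with a crawler, then reduce the trace to the list of files the server actually read) as a shell script. This is an added example, not code from anyone in this thread. It assumes Linux strace with its default output format and the open/openat syscalls; the strace command lines appear only in comments and are not executed by the script, and the sample trace lines, paths and PIDs in sample_trace are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn raw strace output into the unique set of files a traced
# web server successfully opened. Assumes Linux strace default output.

# Capturing the trace (not executed here). Follow forked worker processes,
# record only open-family syscalls, write to a log; then run the crawler.
#   strace -f -p "$WEB_PID" -e trace=open,openat -o /tmp/webtrace.log
# Or wrap the server start for a whole crawl session:
#   strace -f -e trace=open,openat -o /tmp/webtrace.log httpd -DFOREGROUND

# opened_files: read strace lines on stdin, keep successful open/openat calls,
# print each distinct path once. Failed calls (= -1 ENOENT ...) are the chaff:
# the server probing for optional config or include files that do not exist.
# Interleaved "<unfinished ...>" / "<... resumed>" pairs from -f are not
# re-joined here; use strace -ff (one file per process) to avoid them.
opened_files() {
    grep -E 'open(at)?\(' \
    | grep -v -E '= -1 [A-Z]+' \
    | sed -E 's/.*open(at)?\(.*"([^"]*)".*/\2/' \
    | LC_ALL=C sort -u
}

# opened_under: same list restricted to one directory tree, e.g. the document
# root, or a library prefix when building the file list for a chroot.
opened_under() {
    prefix="$1"
    opened_files | grep "^${prefix}"
}

# sample_trace: constructed strace -f -o output for a hit on page.asp, which
# includes page1.html, probes a missing include, and (worker PID) loads a lib.
sample_trace() {
    cat <<'EOF'
12345 openat(AT_FDCWD, "/var/www/html/page.asp", O_RDONLY) = 7
12345 read(7, "<html>"..., 4096) = 6
12345 openat(AT_FDCWD, "/var/www/html/page1.html", O_RDONLY) = 8
12345 openat(AT_FDCWD, "/var/www/html/missing.inc", O_RDONLY) = -1 ENOENT (No such file or directory)
12346 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
12345 openat(AT_FDCWD, "/var/www/html/page.asp", O_RDONLY) = 9
EOF
}

# Usage with a real capture:  opened_files < /tmp/webtrace.log
# Usage on the constructed sample:
sample_trace | opened_under /var/www
```

Against the constructed sample the script reports page.asp once (despite two opens) and page1.html, and drops the failed probe for missing.inc, which is the filtering Matt asked about. Successful opens outside the document root, such as /etc/ld.so.cache, are exactly the entries Ryan's chroot use case needs, so opened_files without the prefix filter is the list to start from there.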
