From: Naveed Ahmed (Naveed.Ahmed dubaicustoms.ae)
Date: Sun Dec 09 2007 - 00:17:42 CST
Hi Vishal
Depending on what stage the web application is in, you may want to do the following:
1. External Pen test on the UAT environment
2. External Pen test on the production environment after obviously fixing issues that arose in the above item.
3. Application design review
4. Review of any payment modules / certificates etc.
5. Internal Pen test if required.
Hope this helps
Naveed Ahmed CISM, CISA, CISSP, ISO 20000 LA&I, BS 7799 LA&I, ITIL Fn.
IT Security Analyst
IT D&D
Dubai Customs HQ
Block ‘B’ | Floor 2
P.O. Box 63 Dubai-UAE
Phone: +9714 302 3776
Fax: +9714 345 0695
Cell : +97150 501 1467
Email: naveed.ahmed dubaicustoms.ae
Website: http://www.dubaicustoms.ae
-----Original Message-----
From: listbounce securityfocus.com [mailto:listbounce securityfocus.com] On Behalf Of Vishal Garg
Sent: Friday, December 07, 2007 9:48 PM
To: webappsec securityfocus.com
Subject: Defining scope of web application pentest
Hi,
Can anyone please tell what needs to be considered while defining the
scope of a web application penetration test? Here I am concerned only
about the web application and the web server, which would exclude every
other bit related to the infrastructure (such as a firewall or a proxy,
etc.). Also, how do we calculate the effort required to test a web
application? The things which I think may be considered are the
number of static and dynamic pages, the types of users involved, etc.
But what else can be considered?
Any inputs would be highly appreciated.
Cheers
Vishal