Re: Mastercard SDP compliance testing.

From: nurifattah@gmail.com
Date: Wed Aug 23 2006 - 03:29:27 EDT


A few things I can advise you on:

1) Make sure you have someone to test during the night. If I remember correctly, we had 24 hours to test everything, so you should have someone there to test through the night as well as in the day.

2) Make sure your findings (in the report) are backed up with the correct CVEs and BIDs.

3) It's a pretty easy test to do, and you should be comfortable with exploiting XSS, SQL, Oracle as well as others.

Good luck

Nuri




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:47 EDT