Re: Pen testing techniques

From: v3nd3rs5uck (ntpeck@yahoo.com)
Date: Thu Apr 10 2008 - 16:18:40 EDT


Even Paros Proxy can do the basics of XSS and injection testing, and it's my favorite price :)

Dude, tools are only part of the battle. I agree with Atif.

--- On Wed, 4/9/08, Jason <securitux@gmail.com> wrote:

> From: Jason <securitux@gmail.com>
> Subject: Re: Pen testing techniques
> To: "Atif Azim" <azim.atif@gmail.com>
> Cc: pen-test@securityfocus.com
> Date: Wednesday, April 9, 2008, 2:11 PM
> Oh boy... let me intercept this before some others do, lol.
>
> You cannot rely on Core or any one tool for a pen test AT ALL. It's a great tool but there is SO much more to pen testing than relying on one single tool, in fact that is the cardinal sin. You need to follow a methodology and use an array of tools and manual techniques to make sure the test is thorough. When I do a web app pen test, the tools never find some of the nastiness that I do manually. Never. Web apps are a curious breed because they are usually custom coded in some way so every single one is different, making standard tools less useful.
>
> I am not surprised by your Core Impact results, it is a great tool but they are new to the web app game, and it hasn't been thoroughly developed yet. No fault of theirs, it just hasn't matured the way others have. For web apps I prefer a web app vulnerability scanner like Cenzic Hailstorm for the automated dumb stuff like XFS / XSS and basic authentication bypass. You definitely need to do manual checks, regardless of what the tools find. Try some injections and authentication bypass techniques, and, well, everything else too. Might want to do a search for the OWASP guide, they have great info on web app testing.
>
> Besides all this, have you used anything like nmap to find open ports and verify your results? Perhaps Core missed something. Is a stealth approach required to emulate a malicious hacker and therefore your checks need to be quiet and evade detection?
>
> I highly recommend if you are new to this to take a course or at least get some good books. A person really can't jump into pen testing like they can jump into product deployment / administration.
>
> Might want to search this list as well, you will find some helpful information I am sure.
>
> Good luck.
>
> -J
>
> On Wed, Apr 9, 2008 at 3:48 PM, Atif Azim <azim.atif@gmail.com> wrote:
> > Hello,
> > I am new to pen testing and am currently involved in doing an external pen test for one of our clients. We are doing it through Core Impact. Reconnaissance showed only port 80 as open and the web server running IIS 6.0. Core Impact did not find any vulnerabilities in the server and hence was unable to penetrate. The web application was also tested for SQL Injection and PHP remote file inclusion and did not find any vulnerabilities there either.
> >
> > My question is what else can we do besides relying on Core Impact for this pen test. And what impression can a client get if we say to them that there are no vulnerabilities in your network or web app. It's difficult to digest something like that for a security specialist, that everything's alright.
> >
> > Looking forward to some great views. Thanks.
> >
> > Regards,
> > Atif Azim
> >
> >
> ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities
> fast.
> > Click to try it, buy it or download a solution FREE
> today!
> >
> > http://www.cenzic.com/downloads
> >
> ------------------------------------------------------------------------
> >
> >
>



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:30 EDT