Re: Application Assessment

From: goenw (goenw.mailinglist@gmail.com)
Date: Wed Aug 10 2005 - 21:58:54 EDT


Guys,
Thanks a lot for your replies; I just returned from my trip. Here are more
details regarding the assessment.
1. There is a list of applications to be assessed, which includes a
standalone win32 executable, but it is mainly web applications.
2. The assessment will be from a user perspective (no source code).
3. The assessment is a security assessment to find out about the regular
types of break-ins (buffer overflow, DoS, etc.).
4. Does anybody have experience with an external party and is able to share
the experience (scope of work, test cases, etc.)?

Thanks and Regards,
goenw

AdamT wrote:

>On 8/8/05, goenw <goenw.mailinglist@gmail.com> wrote:
>
>
>>Hi,
>>
>>Does anybody have experience with application assessment? I am a network
>>guy and don't know much about apps PT.
>>1. Are there any tools that allow me to do the assessment thoroughly?
>>2. Should I have an external party conduct this, and what are the things I
>>should expect from them (success criteria)?
>>Any comments are appreciated.
>>
>>
>
>Can you be more specific about the application that you're testing?
>eg - is it a standalone win32 executable, or perhaps a web application?
>Will you be testing the infrastructure on which it runs also?
>Does the application rely on input from either the user, other
>processes, drivers or other hosts on a network?
>Big question - will you have access to the source code? All of it?
>Example - not much use having access to the source of application.exe
>if you don't get the source to applib1.dll
>
>If you're looking to get an external party in, you need to think about
>what levels of assurance you need for this particular application. If
>it's a branded screen-saver that you want to distribute as a PR
>exercise, your needs (and testing methods) will be very different from
>testing a custom web banking application.
>
>
>




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:44 EDT