From: Ory Segal (osegal@watchfire.com)
Date: Wed Sep 06 2006 - 15:10:48 EDT
Hello Paul,
When you say 'infrastructure testing', do you refer to testing only
platform-specific issues, such as problems in Microsoft IIS, Apache,
etc..? or are you referring to testing your web application for
application-layer issues (e.g. XSS, SQL Injection, etc.)?
As a starting point, you can check out the following whitepaper:
https://www.watchfire.com/securearea/whitepapers.aspx?id=20
("Methodologies and Tools for Web Application Security Assessment")
Good luck with the assessment,
Ory Segal
Watchfire
-----Original Message-----
From: Paul Justin [mailto:pauljustin@gmail.com]
Sent: Wednesday, September 06, 2006 7:25 PM
Cc: pen-test@securityfocus.com
Subject: Infrastructure Testing for Web Applications
Good evening all,
We are looking at doing infrastructure testing for our company's web
applications, and was wondering what sort of methodologies / tools do
you all use to assist yourselves in this process?
Best regards,
Paul J.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:55 EDT