Re: [WEB SECURITY] Do we need desktop admin rights for webapplication penetration testing?

["Justin Thomas" <justin@xxxxxxxxxxxx>]

I think you'll be surprised to find that many applications will
install and run just fine without Administrator rights.  I'd suggest
that you take the tools you're using and just give it a go -
installing in directories that you have access to, of course.

On Fri, Jul 25, 2008 at 3:13 AM, Sharevane <sharevane@xxxxxxxxx> wrote:
> Hi
>
> I have to perform web application penetration testing for banking
> application within the company(intranet scanning)
> But the environment is ,they will not be providing admin rights and internet
> access for performing penetration testing.
>
> I will be using the open source tools other than appscan for this activity.
> But I am not sure can we perform penetration testing without admin right?
> Till now I have not tried penetration testing without admin rights in the
> desktop system which is used for scanning the webapplication using appscan
> and opensource tools.
>
> I am looking for quick responses so that i can explain to management here.
>
> thanks&regards
>

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA