Re: [WEB SECURITY] Do we need desktop admin rights for webapplication penetration testing?

["Joe White" <feedyourhead@xxxxxxxxx>]

Do the systems you are working with allow you to boot to a CD (or even
a USB stick)?  If so, you are golden.

I suggest that you grab the latest version of BackTrack from here
(http://remote-exploit.org/backtrack_download.html) burn the ISO to a
CD and boot a workstation at your client location.

the awesome thing bout this is that it also simulates what a real user
could do assuming they are allowed to boot to a CD as well.

hope this helps.

thanks,
joe

<<<>>>

On Fri, Jul 25, 2008 at 3:13 AM, Sharevane <sharevane@xxxxxxxxx> wrote:
> Hi
>
> I have to perform web application penetration testing for banking
> application within the company(intranet scanning)
> But the environment is ,they will not be providing admin rights and internet
> access for performing penetration testing.
>
> I will be using the open source tools other than appscan for this activity.
> But I am not sure can we perform penetration testing without admin right?
> Till now I have not tried penetration testing without admin rights in the
> desktop system which is used for scanning the webapplication using appscan
> and opensource tools.
>
> I am looking for quick responses so that i can explain to management here.
>
> thanks&regards
>

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA