
Re: [WEB SECURITY] Db2 hacking




This is an extremely open-ended question, and thus I have quite a few
issues with providing a thorough tutorial on web application hacking.
Although, there is an exhaustive list of tutorials such as the OWASP web
application testing guide, WASC, etc., which I would suggest that you
reference. Also, Portswigger has published a very nicely written web
application security book titled "The Web Application Hacker's Handbook".
Once again, a very good read. Since I don't know the entire scope of
what you are trying to perform (i.e. what user perspective you are
testing from; I am inferring that it is an Internet-based web user
agent), I would concentrate on an exhaustive list of security items such
as input validation, session management, and many of the other security
issues that have been identified in the OWASP 2007 Top Ten. Also,
concentrate on any Ajax/web services requests that may be occurring, if
applicable. Hope this helps.

-090


On Tue, 2008-07-29 at 11:23 -0700, Sharevane wrote:

> Hello all
>
> I have to perform penetration testing on a web application.
>
> Backend is Db2 v8.0 database and application server in WebSphere
> server 6.0
>
> I want to know how to hack the Db2 database and WAS server through the
> web application
>
> Thanks in advance




Brought to you by http://www.webappsec.org