Dear Abid Web application penetration testing is one of the most sought after and interesting fields of study. There are various avenues of attack against a web server: 1. The operating system being run the machine (FreeBSD, Linux, Windows...). Which interesting ports are open? Vulnerability scan of the operating system, etc. 2. Web server (Apache, IIS, etc.) running on top of the operating system. You may like to check for security flaws in the design and deployment flaws of a web server. 3. Web Application running on top of the web server. You may like to try SQL injection, X-site scripting, etc. These are three basic avenues of attack / penetration in a web server. Each of these basic layers can further be exploited by various mechanisms. A lot of penetration testing tools in all these avenues are available. You may like to start with them and suggest improvements in the tools and security measures to patch security flaws you may discover. -- Muhammad Farooq-i-Azam --- On Sun, 9/9/12, mhkhan111 <mhkhan111@yahoo.com> wrote:
|
__._,_.___
.
__,_._,___
No comments:
Post a Comment