Wednesday, 12 September 2012

Re: [pakgrid] Re: Penetration Testing Research

 

Dear Abid
 
Web application penetration testing is one of the most sought after and interesting fields of study. There are various avenues of attack against a web server:
 
1. The operating system being run the machine (FreeBSD, Linux, Windows...). Which interesting ports are open? Vulnerability scan of the operating system, etc.
 
2. Web server (Apache, IIS, etc.) running on top of the operating system. You may like to check for security flaws in the design and deployment flaws of a web server.
 
3. Web Application running on top of the web server. You may like to try SQL injection, X-site scripting, etc.
 
These are three basic avenues of attack / penetration in a web server. Each of these basic layers can further be exploited by various mechanisms. A lot of penetration testing tools in all these avenues are available. You may like to start with them and suggest improvements in the tools and security measures to patch security flaws you may discover.
 
--
Muhammad Farooq-i-Azam

--- On Sun, 9/9/12, mhkhan111 <mhkhan111@yahoo.com> wrote:

From: mhkhan111 <mhkhan111@yahoo.com>
Subject: [pakgrid] Re: Penetration Testing Research
To: pakgrid@yahoogroups.com
Date: Sunday, September 9, 2012, 3:55 PM

Dear Abid,

I will recommend the OWASP project for your initial research findings regarding  web application security as they are providing basic guidelines and tools for web application security. You can refer to following web page for your thesis/project.

https://www.owasp.org/index.php/OWASP_student_projects

Best Regards,
Muhammad Haseeb
Sr. Executive IT/Advanced Analytics (PTML)


--- In pakgrid@yahoogroups.com, Abid Shahzad <abidshahzad4u@...> wrote:
>
> Respected All
>
> I want to take Penetration Testing for Web Application as my MS CS thesis.
>
> I want to know this is it still significant or can someone help me in this regard?
>
>
>  
> regards
> Abid Shahzad
> Student: MS CS
> AIOU Islamabad
>



------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/pakgrid/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/pakgrid/join
    (Yahoo! ID required)

<*> To change settings via email:
    pakgrid-digest@yahoogroups.com
    pakgrid-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    pakgrid-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

__._,_.___
Recent Activity:
.

__,_._,___

No comments:

Post a Comment