{"id":206,"date":"2009-03-23T16:00:50","date_gmt":"2009-03-23T21:00:50","guid":{"rendered":"http:\/\/www.webadminblog.com\/?p=206"},"modified":"2009-04-01T10:33:29","modified_gmt":"2009-04-01T15:33:29","slug":"assessing-your-web-app-manually-without-hacking-it","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/23\/assessing-your-web-app-manually-without-hacking-it\/","title":{"rendered":"Assessing Your Web App Manually Without Hacking It"},"content":{"rendered":"<p>After giving my presentation on &#8220;Using Proxies to Secure Applications and More&#8221; at the TRISC 2009 conference, I decided to attend the presentation by Robert &#8220;RSnake&#8221; Hansen and Rob MacDougal entitled &#8220;Assessing Your Web App Manually Without Hacking It&#8221;.\u00a0 The gist of this presentation was that with a few simple tools (Web Developer Toolbar, NoScript, you web browser) you can spend about an hour looking at the characteristics of a web application in order to determine what types and how many vulnerabilities it may have.\u00a0 My notes on the presentation are below:<\/p>\n<p><!--more--><!--[if gte mso 9]><xml> <w :WordDocument> <\/w><w :View>Normal<\/w> <w :Zoom>0<\/w> <w :TrackMoves \/> <w :TrackFormatting \/> <w :PunctuationKerning \/> <w :ValidateAgainstSchemas \/> <w :SaveIfXMLInvalid>false<\/w> <w :IgnoreMixedContent>false<\/w> <w :AlwaysShowPlaceholderText>false<\/w> <w :DoNotPromoteQF \/> <w :LidThemeOther>EN-US<\/w> <w :LidThemeAsian>X-NONE<\/w> <w :LidThemeComplexScript>X-NONE<\/w> <w :Compatibility> <w :BreakWrappedTables \/> <w :SnapToGridInCell \/> <w :WrapTextWithPunct \/> <w :UseAsianBreakRules \/> <w :DontGrowAutofit \/> <w :SplitPgBreakAndParaMark \/> <w :DontVertAlignCellWithSp \/> <w :DontBreakConstrainedForcedTables \/> <w :DontVertAlignInTxbx \/> <w :Word11KerningPairs \/> <w :CachedColBalance \/> <\/w> <m :mathPr> <m :mathFont m:val=\"Cambria Math\" \/> <m :brkBin m:val=\"before\" \/> <m :brkBinSub 
m:val=\"&#45;-\" \/> <m :smallFrac m:val=\"off\" \/> <m :dispDef \/> <m :lMargin m:val=\"0\" \/> <m :rMargin m:val=\"0\" \/> <m :defJc m:val=\"centerGroup\" \/> <m :wrapIndent m:val=\"1440\" \/> <m :intLim m:val=\"subSup\" \/> <m :naryLim m:val=\"undOvr\" \/> <\/m> <\/xml>< ![endif]--><!--[if gte mso 9]><xml> <w :LatentStyles DefLockedState=\"false\" DefUnhideWhenUsed=\"true\"   DefSemiHidden=\"true\" DefQFormat=\"false\" DefPriority=\"99\"   LatentStyleCount=\"267\"> <w :LsdException Locked=\"false\" Priority=\"0\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"Normal\" \/> <w :LsdException Locked=\"false\" Priority=\"9\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"heading 1\" \/> <w :LsdException Locked=\"false\" Priority=\"9\" QFormat=\"true\" Name=\"heading 2\" \/> <w :LsdException Locked=\"false\" Priority=\"9\" QFormat=\"true\" Name=\"heading 3\" \/> <w :LsdException Locked=\"false\" Priority=\"9\" QFormat=\"true\" Name=\"heading 4\" \/> <w :LsdException Locked=\"false\" Priority=\"9\" QFormat=\"true\" Name=\"heading 5\" \/> <w :LsdException Locked=\"false\" Priority=\"9\" QFormat=\"true\" Name=\"heading 6\" \/> <w :LsdException Locked=\"false\" Priority=\"9\" QFormat=\"true\" Name=\"heading 7\" \/> <w :LsdException Locked=\"false\" Priority=\"9\" QFormat=\"true\" Name=\"heading 8\" \/> <w :LsdException Locked=\"false\" Priority=\"9\" QFormat=\"true\" Name=\"heading 9\" \/> <w :LsdException Locked=\"false\" Priority=\"39\" Name=\"toc 1\" \/> <w :LsdException Locked=\"false\" Priority=\"39\" Name=\"toc 2\" \/> <w :LsdException Locked=\"false\" Priority=\"39\" Name=\"toc 3\" \/> <w :LsdException Locked=\"false\" Priority=\"39\" Name=\"toc 4\" \/> <w :LsdException Locked=\"false\" Priority=\"39\" Name=\"toc 5\" \/> <w :LsdException Locked=\"false\" Priority=\"39\" Name=\"toc 6\" \/> <w :LsdException Locked=\"false\" Priority=\"39\" Name=\"toc 7\" \/> <w :LsdException Locked=\"false\" Priority=\"39\" 
Name=\"toc 8\" \/> <w :LsdException Locked=\"false\" Priority=\"39\" Name=\"toc 9\" \/> <w :LsdException Locked=\"false\" Priority=\"35\" QFormat=\"true\" Name=\"caption\" \/> <w :LsdException Locked=\"false\" Priority=\"10\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"Title\" \/> <w :LsdException Locked=\"false\" Priority=\"1\" Name=\"Default Paragraph Font\" \/> <w :LsdException Locked=\"false\" Priority=\"11\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"Subtitle\" \/> <w :LsdException Locked=\"false\" Priority=\"22\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"Strong\" \/> <w :LsdException Locked=\"false\" Priority=\"20\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"Emphasis\" \/> <w :LsdException Locked=\"false\" Priority=\"59\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Table Grid\" \/> <w :LsdException Locked=\"false\" UnhideWhenUsed=\"false\" Name=\"Placeholder Text\" \/> <w :LsdException Locked=\"false\" Priority=\"1\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"No Spacing\" \/> <w :LsdException Locked=\"false\" Priority=\"60\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Shading\" \/> <w :LsdException Locked=\"false\" Priority=\"61\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light List\" \/> <w :LsdException Locked=\"false\" Priority=\"62\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Grid\" \/> <w :LsdException Locked=\"false\" Priority=\"63\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 1\" \/> <w :LsdException Locked=\"false\" Priority=\"64\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 2\" \/> <w :LsdException Locked=\"false\" Priority=\"65\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium List 1\" \/> <w :LsdException Locked=\"false\" Priority=\"66\" SemiHidden=\"false\"    
UnhideWhenUsed=\"false\" Name=\"Medium List 2\" \/> <w :LsdException Locked=\"false\" Priority=\"67\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 1\" \/> <w :LsdException Locked=\"false\" Priority=\"68\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 2\" \/> <w :LsdException Locked=\"false\" Priority=\"69\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 3\" \/> <w :LsdException Locked=\"false\" Priority=\"70\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Dark List\" \/> <w :LsdException Locked=\"false\" Priority=\"71\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Shading\" \/> <w :LsdException Locked=\"false\" Priority=\"72\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful List\" \/> <w :LsdException Locked=\"false\" Priority=\"73\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Grid\" \/> <w :LsdException Locked=\"false\" Priority=\"60\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Shading Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"61\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light List Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"62\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Grid Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"63\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 1 Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"64\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 2 Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"65\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium List 1 Accent 1\" \/> <w :LsdException Locked=\"false\" UnhideWhenUsed=\"false\" Name=\"Revision\" \/> <w :LsdException Locked=\"false\" Priority=\"34\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"List Paragraph\" \/> <w :LsdException 
Locked=\"false\" Priority=\"29\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"Quote\" \/> <w :LsdException Locked=\"false\" Priority=\"30\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"Intense Quote\" \/> <w :LsdException Locked=\"false\" Priority=\"66\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium List 2 Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"67\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 1 Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"68\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 2 Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"69\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 3 Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"70\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Dark List Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"71\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Shading Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"72\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful List Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"73\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Grid Accent 1\" \/> <w :LsdException Locked=\"false\" Priority=\"60\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Shading Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"61\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light List Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"62\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Grid Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"63\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 1 Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"64\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 2 
Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"65\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium List 1 Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"66\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium List 2 Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"67\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 1 Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"68\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 2 Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"69\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 3 Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"70\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Dark List Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"71\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Shading Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"72\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful List Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"73\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Grid Accent 2\" \/> <w :LsdException Locked=\"false\" Priority=\"60\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Shading Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"61\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light List Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"62\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Grid Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"63\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 1 Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"64\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 2 Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"65\" SemiHidden=\"false\"    
UnhideWhenUsed=\"false\" Name=\"Medium List 1 Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"66\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium List 2 Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"67\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 1 Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"68\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 2 Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"69\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 3 Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"70\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Dark List Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"71\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Shading Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"72\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful List Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"73\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Grid Accent 3\" \/> <w :LsdException Locked=\"false\" Priority=\"60\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Shading Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"61\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light List Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"62\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Grid Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"63\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 1 Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"64\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 2 Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"65\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium List 1 Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"66\" 
SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium List 2 Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"67\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 1 Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"68\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 2 Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"69\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 3 Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"70\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Dark List Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"71\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Shading Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"72\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful List Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"73\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Grid Accent 4\" \/> <w :LsdException Locked=\"false\" Priority=\"60\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Shading Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"61\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light List Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"62\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Grid Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"63\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 1 Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"64\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 2 Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"65\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium List 1 Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"66\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium List 2 Accent 5\" \/> <w :LsdException 
Locked=\"false\" Priority=\"67\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 1 Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"68\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 2 Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"69\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 3 Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"70\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Dark List Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"71\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Shading Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"72\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful List Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"73\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Grid Accent 5\" \/> <w :LsdException Locked=\"false\" Priority=\"60\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Shading Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"61\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light List Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"62\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Light Grid Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"63\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 1 Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"64\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Shading 2 Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"65\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium List 1 Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"66\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium List 2 Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"67\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 1 Accent 
6\" \/> <w :LsdException Locked=\"false\" Priority=\"68\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 2 Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"69\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Medium Grid 3 Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"70\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Dark List Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"71\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Shading Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"72\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful List Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"73\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" Name=\"Colorful Grid Accent 6\" \/> <w :LsdException Locked=\"false\" Priority=\"19\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"Subtle Emphasis\" \/> <w :LsdException Locked=\"false\" Priority=\"21\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"Intense Emphasis\" \/> <w :LsdException Locked=\"false\" Priority=\"31\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"Subtle Reference\" \/> <w :LsdException Locked=\"false\" Priority=\"32\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"Intense Reference\" \/> <w :LsdException Locked=\"false\" Priority=\"33\" SemiHidden=\"false\"    UnhideWhenUsed=\"false\" QFormat=\"true\" Name=\"Book Title\" \/> <w :LsdException Locked=\"false\" Priority=\"37\" Name=\"Bibliography\" \/> <w :LsdException Locked=\"false\" Priority=\"39\" QFormat=\"true\" Name=\"TOC Heading\" \/> <\/w> <\/xml>< ![endif]--><br \/>\nStep 1: Exploit Overachievers<\/p>\n<ul>\n<li>Maximize value by using free tools<\/li>\n<li>OWASP (Open Web Application Security Project)<\/li>\n<li>WASC (Web Application Security Consortium)<\/li>\n<\/ul>\n<p>Step 2: Learn<\/p>\n<ul>\n<li>Security is not 
an arcane art reserved for people with a special gift.\u00a0 It\u2019s campfire knowledge.\n<ul>\n<li>Assess your security posture regularly<\/li>\n<li>Do not neglect any aspect of your security; bad guys don\u2019t (Social Engineering, Internal Network, Firewall, Web Apps, etc)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Step 3: Chase Your Tail<\/p>\n<ul>\n<li>Remember where you started\n<ul>\n<li>Free tools can provide extreme amounts of value\n<ul>\n<li>OWASP (Eg: OWASP Testing Guide)<\/li>\n<li>WASC<\/li>\n<\/ul>\n<\/li>\n<li>There is no magic to security<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Tools Needed<\/strong><\/span><\/p>\n<ul>\n<li>Web Developer Toolbar\n<ul>\n<li>POST to GET<\/li>\n<li>Response headers<\/li>\n<\/ul>\n<\/li>\n<li>NoScript or QuickJava<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Estimating Vulnerabilities<\/strong><\/span><\/p>\n<p>The figures in parentheses are the presenters\u2019 rough weights: add them up for an estimate of how many vulnerabilities the site is likely to have.<\/p>\n<ul>\n<li>Site Age \u2013 Care &amp; Feeding\n<ul>\n<li>\u201cCopyright 2003\u201d<\/li>\n<li>Alexa<\/li>\n<li>Archive.org<\/li>\n<li>Whois<\/li>\n<li>Last modified date<\/li>\n<li>Old server + modules version #\u2019s<\/li>\n<\/ul>\n<\/li>\n<li>2-3 years (2), 3-5 years (3), 5-10 years (4), 10+ (5)<\/li>\n<li>Programming Language\n<ul>\n<li>.cfm (1)<\/li>\n<li>AJAX (1)<\/li>\n<li>.do\/.jsp (1)<\/li>\n<li>.cgi\/.pl\/.shtml (2)<\/li>\n<li>.asp (2)<\/li>\n<li>.php (2)<\/li>\n<li>.aspx\/.jspx\/.html (0)<\/li>\n<li>Languages + Demographics theory<\/li>\n<\/ul>\n<\/li>\n<li>Size of the Site Logic Complexity\n<ul>\n<li>Surf around manually\n<ul>\n<li>Sitemap<\/li>\n<\/ul>\n<\/li>\n<li>Google inurl: search<\/li>\n<li>Spider (added download + added time)<\/li>\n<li>Small (0), Medium \u2013 typical retailer (1), Large \u2013 Yahoo (3)<\/li>\n<\/ul>\n<\/li>\n<li>Search\n<ul>\n<li>XSS tests (1) \u2013 does the search term come back in the page unescaped\n<ul>\n<li>\u201cCompany\u201d \u2013 are the double quotes reflected as-is<\/li>\n<li>I &lt;3 U \u2013 is the &lt; reflected as-is<\/li>\n<\/ul>\n<\/li>\n<li>SQL injection (1)\n<ul>\n<li>O\u2019Malley \u2013 does the apostrophe produce a database error<\/li>\n<\/ul>\n<\/li>\n<li>DoS (.5)\n<ul>\n<li>a 
AND b AND c \u2026<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Registration\n<ul>\n<li>Does it exist?\u00a0 Yes (1)<\/li>\n<li>Email validation and\/or CAPTCHA (1-2)<\/li>\n<li>Password complexity? (1)<\/li>\n<li>Can you choose \u201cadmin\u201d as a username? (1)<\/li>\n<\/ul>\n<\/li>\n<li>Security Functions\n<ul>\n<li>Does change password enforce password complexity rules<\/li>\n<li>Does change password require the existing password (without it, anyone holding a hijacked session can lock the real owner out)<\/li>\n<li>Can you change email address without a password (the new address then receives any password-reset mail, so this is an account-takeover path)<\/li>\n<li>Can emails be changed without validating them<\/li>\n<li>Are secret questions \u201cstrong\u201d (answers that are public or easily guessed are no better than a weak password)<\/li>\n<\/ul>\n<\/li>\n<li>Contact forms\n<ul>\n<li>Do they have an email address in a hidden field (1) \u2013 the recipient is client-controlled, so the form can be used as an open mail relay<\/li>\n<li>Submit a blank contact\n<ul>\n<li>Does it work without an error (1) \u2013 no server-side validation<\/li>\n<\/ul>\n<\/li>\n<li>With and without JavaScript\n<ul>\n<li>Does it say \u201cThanks\u201d without JS but errors when JS is turned on (1) \u2013 the validation runs only in the browser and is trivially bypassed<\/li>\n<\/ul>\n<\/li>\n<li>Can users contact other users on the site (Eg: Private message) (2)<\/li>\n<\/ul>\n<\/li>\n<li>Login\n<ul>\n<li>Does it use SSL (1) \u2013 check that the authenticated session, not just the login form, stays on it<\/li>\n<li>Does it allow auto complete (1)<\/li>\n<li>Does it stop me from being able to type failed logins (3) \u2013 i.e. is there any lockout or throttling of repeated failures\n<ul>\n<li>Horizontal (one password against many accounts), Vertical (many passwords against one account), &amp; Diagonal (both varied) Brute Force attacks<\/li>\n<\/ul>\n<\/li>\n<li>Can you switch POST to GET (1) \u2013 credentials and tokens in the query string end up in logs, browser history and Referer headers\n<ul>\n<li>Session fixation<\/li>\n<li>CSRF (1 per major site function, EG: change password, change secret question, change email address, etc)<\/li>\n<\/ul>\n<\/li>\n<li>Does it auto-logout (1)<\/li>\n<li>javascript:alert(document.cookie) (1) \u2013 if the session cookie is displayed it lacks the HttpOnly flag and can be stolen by any XSS<\/li>\n<\/ul>\n<\/li>\n<li>Forgot password flow\n<ul>\n<li>Does it send the plaintext password (1) \u2013 which means it is stored in a recoverable form rather than hashed<\/li>\n<li>Does it send a \u201csmall\u201d key (1) \u2013 20 bits or less, i.e. a reset token that can be guessed by brute force<\/li>\n<li>Does it tell you if your username is valid or not (.5) \u2013 username enumeration<\/li>\n<\/ul>\n<\/li>\n<li>File Upload\n<ul>\n<li>Does it check file extensions (.5)<\/li>\n<li>Does it check file types (.5)<\/li>\n<li>Does it allow re-displaying of the file 
(1)<\/li>\n<\/ul>\n<\/li>\n<li>HTML\/JS\/CSS Comments\n<ul>\n<li>Intranet IPs\/addresses (.5)<\/li>\n<li>Passwords (1)<\/li>\n<li>Functionality comments (.5)<\/li>\n<\/ul>\n<\/li>\n<li>URL Structure\n<ul>\n<li>function?path=\/files\/file.asp (1) \u2013 a file path taken from the client: path traversal \/ file inclusion<\/li>\n<li>something?id=104 (1) \u2013 sequential numeric IDs: try neighbouring values for direct object reference, and a quote for SQL injection<\/li>\n<li>search?q=bob&amp;charset=UTF-8 (1) \u2013 the charset parameter is client-controlled\n<ul>\n<li>alternate charset<\/li>\n<li>header injection<\/li>\n<\/ul>\n<\/li>\n<li>redir?url=http:\/\/www.cnn.com\/ (.5) \u2013 open redirect, handy for phishing<\/li>\n<li>chngpasswd?usr=bob&amp;pass=1234 (2) \u2013 credentials in the query string are written to server logs, proxy logs, browser history and Referer headers<\/li>\n<li>\/images\/ If it shows a directory (1) \u2013 directory listing enabled<\/li>\n<\/ul>\n<\/li>\n<li>Obvious admin interfaces (2)\n<ul>\n<li>\/admin\/<\/li>\n<li>\/blog\/wp-admin\/<\/li>\n<li>\/administrator\/<\/li>\n<li>\/adm\/<\/li>\n<li>admin.url.com<\/li>\n<\/ul>\n<\/li>\n<li>Outdated Open Source or Commercial Programs\n<ul>\n<li>PHP nuke<\/li>\n<li>WordPress<\/li>\n<li>Drupal<\/li>\n<li>3 per instance<\/li>\n<li>+1 for every major revision out of date<\/li>\n<\/ul>\n<\/li>\n<li>Other questions\n<ul>\n<li>Does it allow rich HTML user comments (1) \u2013 stored XSS surface<\/li>\n<li>Does it have a send-to-friend function (1) \u2013 can be abused to send spam or phishing mail from the site\u2019s own domain<\/li>\n<li>Virtual host? 
(MSN IP search) (1)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Things this doesn\u2019t cover<\/strong><\/span><\/p>\n<ul>\n<li>Timing attacks, buffer overflows, etc<\/li>\n<li>Network infrastructure flaws (including DNS)<\/li>\n<li>Predictable file locations (VCS trees, etc)<\/li>\n<li>Logic flaws<\/li>\n<li>Backup files\/folders\/CVS trees, etc<\/li>\n<li>Alternate paths of exploitation (email, FTP, APIs, etc)<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>After giving my presentation on &#8220;Using Proxies to Secure Applications and More&#8221; at the TRISC 2009 conference, I decided to attend the presentation by Robert &#8220;RSnake&#8221; Hansen and Rob MacDougal entitled &#8220;Assessing Your Web App Manually Without Hacking It&#8221;.\u00a0 The gist of this presentation was that with a few simple tools (Web Developer Toolbar, NoScript, [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[222],"tags":[229,76,230,228,158,159,102],"class_list":["post-206","post","type-post","status-publish","format-standard","hentry","category-texas-regional-infrastructure-security-conference-2009","tag-app","tag-application","tag-assessment","tag-manual","tag-penetration","tag-testing","tag-web"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"",
"jetpack_shortlink":"https:\/\/wp.me\/pfI0c-3k","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/206","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=206"}],"version-history":[{"count":3,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/206\/revisions"}],"predecessor-version":[{"id":208,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/206\/revisions\/208"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}