Parsons Software Security Consulting Blog

Web Penetration testing of IBM Appscan Test Site

Web Penetration Testing with Matt Parsons of Parsons Software Security Consulting.

Spider and crawl the application with the web penetration testing tool of your choice: HP WebInspect or IBM AppScan, whichever is available. There are pros and cons to each one.

Look at the site structure of the application. This can also be done with the open source tool DirBuster.

Count the number of pages scanned and the number of vulnerabilities found.

Look at the number of completed tests. In this instance it is 17753. This appears to be a complete scan with 95 pages visited. There are 40 High Vulnerabilities, 21 Medium Vulnerabilities, 21 Low Vulnerabilities and 15 Informational Issues.

Look at the high vulnerabilities first.
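
One way to do the counting and ordering described above on an exported findings list, as an added example that is not from the original post. The CSV column names, the `testsite.example` URLs and the findings themselves are constructed for illustration; they are not the export format of AppScan or WebInspect, nor this scan's results.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export; column names are an assumption,
# not the real export format of AppScan or WebInspect.
SAMPLE_EXPORT = """severity,issue,url
High,SQL Injection,http://testsite.example/login.jsp
High,SQL Injection,http://testsite.example/login.jsp
High,Cross-Site Scripting,http://testsite.example/search.jsp
Medium,Session Identifier Not Updated,http://testsite.example/login.jsp
Low,Missing HttpOnly Attribute,http://testsite.example/
Informational,HTML Comments,http://testsite.example/about.htm
high,Cross-Site Scripting,http://testsite.example/comment.jsp
"""

SEVERITY_ORDER = ["High", "Medium", "Low", "Informational"]

def load_findings(text):
    """Parse the export, normalise severity case, drop exact duplicates."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        sev = row["severity"].strip().capitalize()
        if sev not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity: {row['severity']!r}")
        rows.append((sev, row["issue"].strip(), row["url"].strip()))
    return list(dict.fromkeys(rows))  # keeps first occurrence, preserves order

def summarize(findings):
    """Return (count per severity, number of distinct pages with findings)."""
    counts = Counter(sev for sev, _, _ in findings)
    pages = {url for _, _, url in findings}
    return {s: counts.get(s, 0) for s in SEVERITY_ORDER}, len(pages)

def review_queue(findings):
    """Group by (severity, issue): High first, then most affected URLs."""
    groups = defaultdict(list)
    for sev, issue, url in findings:
        groups[(sev, issue)].append(url)
    return sorted(groups.items(), key=lambda kv: (
        SEVERITY_ORDER.index(kv[0][0]), -len(kv[1]), kv[0][1]))

if __name__ == "__main__":
    findings = load_findings(SAMPLE_EXPORT)
    print(summarize(findings))
    for (sev, issue), urls in review_queue(findings):
        print(f"{sev:13} {issue}: {len(urls)} URL(s)")
```

Duplicate rows are collapsed before counting, so the per-severity totals reflect distinct findings rather than repeated test hits.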

 

Next time we will dive into specific software security vulnerabilities. The first step in any web penetration test is to do a crawl and scan.

If you have any questions or comments e-mail me at mparsons[at] gmail.com

Matt Parsons, CISSP, MSM

Parsons Software Security Consulting, LLC

Written by mparsons1980

November 21, 2010 at 12:19 am
