Network Security
FW: Penetration Testing Report - Sample Report
- From: Howell, Paul
- Date: Wed Mar 24 08:51:17 2004
-----Original Message-----
From: Imperva Application Defense Center [mailto:adc@imperva.com]
Sent: Tuesday, March 23, 2004 3:43 AM
To: secpapers@securityfocus.com
Subject: Penetration Testing Report - Sample Report
Dear SecPapers List,
Imperva(tm)'s Application Defense Center (formerly WebCohort Research) has
released a new paper.
This paper demonstrates a real Application Penetration Testing Report, as
should be provided at the end of an application penetration testing. The
penetration testing was performed on a sample e-commerce application named
SuperVeda, developed by Imperva(tm) for demonstration, testing and training
purposes. At the end of the penetration testing, a report was written, as if
the site belongs to a real customer.
This paper can be interesting both for technical and non-technical
audiences. IT/Security personnel can use it to get an idea of what they will
be receiving at the end of an Application Penetration Testing. Technical
people can use this paper to have a better understanding of the
vulnerabilities found in modern web applications, as they present themselves
in a real-world application.
Some of the vulnerabilities presented in this paper:
- SQL Injection
- Unauthorized Access to Accounts
- Cross Site Scripting
- Parameter Tampering
- Forceful Browsing
- Cookie Poisoning
The sample report was written by Moran Surf, an Application Security Expert
in Imperva(tm)'s Application Defense Center.
The paper can be found at:
http://www.imperva.com/application_defense_center/white_papers/default.asp?show=pentest
---
Imperva(tm)'s Application Defense Center <adc imperva com>
http://www.imperva.com/adc