Penetration Testing
OWASP Top 10 penetration testing software? Feb 28 2012 07:35PM webcat (matthew mckinzie lewin com) (7 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 09:40PM Nathalie Vaiser (nvaiser gmail com)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:44PM psiinon (psiinon gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:33PM Tim Gonzales (tim gonzales gmail com)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:15PM martin mngoma gmail com (1 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:44PM Robert Wood (robertwood50 gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:09PM Michele Orru (antisnatchor gmail com)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:07PM M. Hani Benhailes (kroosec gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:32PM webcat (matthew mckinzie lewin com)
> Hi,
>
> You should be careful with scanners that claim to test "the OWASP Top Ten".
> For example, "Insecure Cryptographic Storage" is one of the OWASP Top
> Ten but this is typically only detectable server side, so no web app
> scanner will find it :)
So Simon, a penetration test won't cover all?
The simplest test case for this insecure cryptographic storage is
requesting a forgotten password. If the web application sends your
password in clear text, then you have found the issue.
--
Zaki Akhmad
OWASP Indonesia
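
The forgot-password check described in the message above, as an added example that is not part of the original post: a store that can mail the password back must be keeping it recoverable, shown next to a store that keeps only a salted scrypt hash and mails a one-time reset token instead. The class and function names, the mail wording and the sample password are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

class ReversibleStore:
    """'Before': the password is kept recoverable, so recovery can mail it back."""
    def __init__(self):
        self._db = {}
    def register(self, user, password):
        self._db[user] = password  # plaintext (reversible encryption behaves the same)
    def forgot_password(self, user):
        return f"Your password is: {self._db[user]}"

class HashedStore:
    """'After': only a salted scrypt hash is stored; recovery issues a reset token."""
    def __init__(self):
        self._db = {}     # user -> (salt, scrypt digest)
        self._reset = {}  # user -> SHA-256 of the outstanding reset token
    @staticmethod
    def _hash(password, salt):
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._db[user] = (salt, self._hash(password, salt))
    def verify(self, user, password):
        salt, digest = self._db[user]
        return hmac.compare_digest(digest, self._hash(password, salt))
    def forgot_password(self, user):
        token = secrets.token_urlsafe(32)
        # Store only a hash of the token, so a database leak does not expose it.
        self._reset[user] = hashlib.sha256(token.encode()).digest()
        return f"Reset your password with this one-time token: {token}"
    def reset(self, user, token, new_password):
        # pop() makes the token single-use, whether or not the attempt succeeds.
        expected = self._reset.pop(user, None)
        supplied = hashlib.sha256(token.encode()).digest()
        if expected is None or not hmac.compare_digest(expected, supplied):
            return False
        self.register(user, new_password)
        return True

def mail_leaks_password(mail_body, known_password):
    """The test case from the message: does the recovery mail contain the password?"""
    return known_password in mail_body

if __name__ == "__main__":
    pw = "constructed-Passw0rd!"  # constructed sample value
    for store in (ReversibleStore(), HashedStore()):
        store.register("alice", pw)
        leaked = mail_leaks_password(store.forgot_password("alice"), pw)
        print(type(store).__name__, "recovery mail leaks password:", leaked)
```

The check works in one direction only: a recovery mail that contains the password shows recoverable storage, but a mail without it says nothing about how the password is stored server side.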