Penetration Testing Report - Sample Report Mar 23 2004 08:42AM
Imperva Application Defense Center (adc imperva com)
Dear SecPapers List,

Imperva(tm)'s Application Defense Center (formerly WebCohort Research)
has released a new paper.

This paper demonstrates a real Application Penetration Testing Report,
as should be provided at the end of an application penetration testing.
The penetration testing was performed on a sample e-commerce application
named SuperVeda, developed by Imperva(tm) for demonstration, testing and
training purposes. At the end of the penetration testing, a report was
written, as if the site belongs to a real customer.

This paper can be interesting both for technical and non technical
audiences. IT/Security personnel can use it to get an idea of what they
will be receiving at the end of an Application Penetration Testing.
Technical people can use this paper to have better understanding of the
vulnerabilities found in modern web applications, as they present
themselves in a real world application.

Some of the vulnerabilities presented in this paper:
- SQL Injection
- Unauthorized Access to Accounts
- Cross Site Scripting
- Parameter Tampering
- Forceful Browsing
- Cookie Poisoning

The sample report was written by Moran Surf, an Application Security
Expert in Imperva(tm)'s Application Defense Center.

The paper can be found at:


Imperva(tm)'s Application Defense Center <adc imperva com>

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus