Web Application Penetration Testing

Web Server Security

Database Security

Application Server Security

Vulnerability Archive

Secure Development

Application Firewalls

Main -> Penetration Testing - SQL Injection - Cross Site Scripting

TOPIC'S

Security Services

Submit News

Syndicated News

Hosting generously provided by

www.mv.com

Penetration Testing (Suggest a link addition)

This section provides information for penetration testers. Some of this content is in other sections of this website already (The library). I just created this page as a quick reference. Please, if you feel I that I've missed a important link or document (Or you just feel like chatting :) Email Me.

The best way to find information is to use our search engine on the right.

Articles:
Penetration Testing for Web Applications (Part One)
Penetration Testing for Web Applications (Part Two)
Penetration Testing for Web Applications (Part Three)

Site Sections:
SQL Injection Page
Cross Site Scripting (XSS)

Session ID Attacks:
Brute-Force Exploitation of Web Application Session IDs, November 1, 2001 (PDF)
- David Endler iDefense

Session Fixation Vulnerability in Web-based Applications v1.0, December 2002 (PDF)
- ACROS Security

Cookie Modification and Poisoning:
Hacking Web Applications Using Cookie Poisoning, 2002 (PDF)
- Amit Klein/sanctuminc

HTTP Header Modification:
Header Based Exploitation: Web Statistical Software Threats, January 2002 (TXT)
- www.cgisecurity.com

TCP Port 80 - HyperText Transfer Protocol (HTTP) Header Exploitation, Sept 11th 2002 (HTML)
- William Bellamy Jr.

CRLF Injection, (TXT)
- Ulf Harnhammar

Log Forensics:
Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures. , November 2001 (TXT)
- www.cgisecurity.com

Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures: Part Two., March 2002 (TXT) (HTML)
- www.cgisecurity.com

Web Application Forensics: The Uncharted Territory, 2002 (PDF)
- Ory Segal/sanctuminc
Note: This paper has been posted for its information base only, and we in no way promote or support the products mentioned within.

PHP:
A Study in Scarlet: Exploiting Common Vulnerabilities in PHP Applications (TXT) (Spanish) (French)
"A reprint of reminisces from the Blackhat Briefings Asia 2001"
- Shaun Clowes, SecureReality

Secure Programming in PHP, January 30, 2002 (HTML)
- Thomas Oertli

Perl:
CGI/Perl Taint Mode FAQ, June 3rd, 1998 (HTML)
- Gunther Birznieks

Security Issues in Perl Scripts (HTML)
- Jordan Dimov

Misc Documentation:
Application Security Assessments: Advice on Assessing your Custom Application, 2002 (HTML)
- Gunter Ollmann

Ethical Hacking Techniques to Audit and Secure Web-enabled Applications (PDF)
- sanctuminc

LDAP Injection: Are your web applications vulnerable?, July 28th 2003 (Remote Copy)
- SPI LABS

Application Penetration test (SAMPLE)
- Imperva

External Links:
Copyright 2000-2007 Cgisecurity.com.
Providing Web Security news since 2000. Information contained on this website may not be copied without explicit permission.
Best Viewed with Netscape. Website Security Web Application Security solid state drives ssd ebay ebay topdeals . buy macbook air not work safe software security

Popular Links By Subject

Sponsored Link (Advertise)

Subscribe to CGISecurity.com

The Web Security Mailing List

Re: [WEB SECURITY] Fake Captcha Protection

Re: [WEB SECURITY] Fake Captcha Protection

Re: [WEB SECURITY] webapp security curse

[WEB SECURITY] FW: What's the Difference; PEN Testing and Black Box Testing?

RE: [WEB SECURITY] FW: What's the Difference; PEN Testing and Black Box Testing?

Re: [WEB SECURITY] FW: What's the Difference; PEN Testing and Black Box Testing?

Re: [WEB SECURITY] FW: What's the Difference; PEN Testing and Black Box Testing?

Re: [WEB SECURITY] FW: What's the Difference; PEN Testing and Black Box Testing?

[WEB SECURITY] Confirmed Program for SyScan'08 Hong Kong

Re: [WEB SECURITY] Fake Captcha Protection

Contact us

Post News, get linkage!