Web App Audit in 3 easy steps – powered by SANS

SANS released a paper on Web Application Audits. It is more of a guide to low-hanging-fruit website assessment, but it is still a good resource. The article begins with setting up, adjusting and configuring the tool arsenal and then walks the reader through implementation and conclusions. As simple as the SANS workflow may seem, there are numerous websites which won't pass this security test.

These tests will only find obvious problems and are less likely to find more complex issues. We totally neglect some common problems like response-splitting or secondary SQL injection issues, and we spent little time on actually exploiting these problems. See this 1-hour audit as a due diligence test that should be done periodically.

However, what I find intriguing is that there are no web application scanners listed. And I appreciate this. Well... they could have listed WebInspect. Did I say I love this tool? * I'm not affiliated with SPI Dynamics in any way, I just hope that mentioning the tool quite often will get me a personal license. Hint! Hint 🙂


