
Difference between revisions of "Testing: Information Gathering"

(Information Gathering)
(Information Gathering)
Line 24: Line 24:
 
[[Infrastructure configuration management testing AoC|4.2.4 Infrastructure configuration management testing]]
 
[[Infrastructure configuration management testing AoC|4.2.4 Infrastructure configuration management testing]]
  
Often the infrastructure and topology of the web servers can reveal different kind of information which an security tester can use during a web application assessment; For this reason it's possible to obtain various data as source code of the applications, administration functionalities and infrastructural configurations.
+
Often an analysis on the infrastructure and topology architecture can reveal different kind of information about a web application as source code, HTTP methods allowed, administration functionalities, authentication methods and infrastructural configurations.
 +
For this reason a verify only on the web applications can't be an exhaustive test considering the very large numbers of information that it's possible to obtain during a security assessment analyzing all the components present in a network.
 
    
 
    
 
''Infrastructure configuration management testing:''<br>
 
''Infrastructure configuration management testing:''<br>
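Review bot: the second added sentence ("For this reason a verify only on the web applications can't be an exhaustive test ...") is ungrammatical and hard to parse. Suggest "For this reason, testing only the web application cannot be exhaustive, given how much information can be obtained by analyzing all the components present in the network." The rewritten first sentence also drops the removed text's point that a security tester can use this information during an assessment, so it no longer says why the disclosure matters; consider keeping that clause. "different kind of information ... as source code" should read "different kinds of information ... such as source code".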

Revision as of 15:38, 3 November 2006

OWASP Testing Guide v2 Table of Contents

Information Gathering


Every security test needs a first phase devoted to collecting the information necessary to carry out a penetration test on web applications correctly.
This activity can draw on different sources and use many methods: public tools such as search engines, requests purposely forged to elicit error messages that disclose the versions and technologies used by the application, or analysis and discovery of the front-end/back-end infrastructure and applications in order to collect further useful information.
Often it is possible to gather this information from the target application's responses, because old and backup files are present or because administrators have not changed bad default configurations on the web server.

4.2.1 Application Discovery

Application discovery testing is an activity aimed at identifying the web applications hosted on a web server.
This analysis is important because often there is no direct link from the main application, so a discovery analysis is useful for noticing every web application used for administration, as well as old versions or others that were created for a test or development phase and never deleted.

4.2.2 Spidering and googling

This phase of the information gathering process consists of browsing and capturing the resources found on the web; it also includes collecting the information available in search engines, which can be extracted using their particular functionalities.

4.2.3 Analysis of error code

During a penetration test, web applications provide a great deal of information (such as error codes) about the technologies and products in use, in response to requests forged expressly for this purpose.
Finding this information often requires no particular skill, because web applications with errors in their source code or with infrastructure problems provide these data themselves.
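A defender-side check for the leakage described in this section, given as an added example that is not part of the original OWASP page: it scans raw HTTP error responses for version banners, stack traces, database error strings and server file paths. The pattern list, the function names and the sample responses are constructed for illustration.

```python
import re

# Illustrative (not exhaustive) patterns for details that error responses
# commonly disclose: product versions, technologies, internals.
LEAK_PATTERNS = {
    "versioned Server header": re.compile(r"^Server:[ \t]*\S+/\d[\w.]*", re.I | re.M),
    "X-Powered-By header": re.compile(r"^X-Powered-By:[ \t]*\S", re.I | re.M),
    "stack trace": re.compile(r"^\s+at [\w.$]+\(.*\)|Traceback \(most recent call last\)", re.M),
    "database error text": re.compile(r"ORA-\d{5}|SQLSTATE\[\w+\]"),
    "server file path": re.compile(r"(?:[A-Za-z]:\\|/(?:var|usr|home|opt)/)[\w./\\-]+"),
}

def audit_response(raw):
    """Return (status_code, sorted finding names) for one raw HTTP response."""
    raw = raw.replace("\r\n", "\n")
    status = int(raw.split("\n", 1)[0].split()[1])
    return status, sorted(n for n, rx in LEAK_PATTERNS.items() if rx.search(raw))

def leaky_errors(responses):
    """Map response label -> findings, for error responses (>= 400) that leak."""
    report = {}
    for label, raw in responses.items():
        status, findings = audit_response(raw)
        if status >= 400 and findings:
            report[label] = findings
    return report

# Constructed sample responses (not captured from any real system).
SAMPLES = {
    "verbose-500": "HTTP/1.1 500 Internal Server Error\r\nServer: Apache/2.0.55\r\n"
                   "X-Powered-By: PHP/5.1.2\r\n\r\n"
                   "SQLSTATE[HY000]: connect failed in /var/www/app/db.php on line 12",
    "trace-500": "HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/plain\r\n\r\n"
                 "java.lang.NullPointerException\n\tat com.example.Login.doPost(Login.java:42)",
    "generic-500": "HTTP/1.1 500 Internal Server Error\r\nServer: Apache\r\n\r\n"
                   "<h1>An error occurred.</h1><p>Reference: 7f3a</p>",
}

if __name__ == "__main__":
    for label, findings in leaky_errors(SAMPLES).items():
        print(f"{label}: {', '.join(findings)}")
```

The "generic-500" sample shows the target state: an error page with an opaque reference and no product, version or path details, so it produces no findings.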

4.2.4 Infrastructure configuration management testing

An analysis of the infrastructure and topology architecture can often reveal different kinds of information about a web application, such as source code, allowed HTTP methods, administration functionalities, authentication methods and infrastructural configurations. For this reason, testing only the web application cannot be exhaustive, considering the very large amount of information that can be obtained during a security assessment by analyzing all the components present in a network.

Infrastructure configuration management testing:
SSL/TLS Testing:
DB Listener Testing:
Application configuration management testing:
File extensions handling:
Old file testing:
4.2.1 Application Discovery
4.2.2 Spidering and googling
4.2.3 Analysis of error code
4.2.4 Infrastructure configuration management testing
4.2.4.1 SSL/TLS Testing
4.2.4.2 DB Listener Testing
4.2.5 Application configuration management testing
4.2.5.1 File extensions handling
4.2.5.2 Old, backup and unreferenced files

