
Thread: The steps to find loopholes in web application

  1. #1
    Just burned his ISO
    Join Date
    Feb 2012
    Posts
    2

    The steps to find loopholes in web application

    Hi all, how can I find loopholes in a web application? For example, I have a Java web-based application as a target. An expert says that a Java-based application can be bypassed without entering any password. So what clue or loopholes should I look for in the application? Are there any tips I can refer to?

    Thanks

  2. #2
    Good friend of the forums scottm99
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Re: The steps to find loopholes in web application

    If your expert was performing formal analysis on this web application, you should have received a report detailing the "how", "where", and "why" this application was compromised. Having someone tell you the application has holes in it without proof of said holes is useless, in my opinion.

    That being said, there's no easy answer to your question. You've got to fuzz this application yourself.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  3. #3
    My life is this forum thorin
    Join Date
    Jan 2010
    Posts
    2,629

    Re: The steps to find loopholes in web application

    "For example, I have a Java web-based application as a target."
    Are you talking about a Java applet or a JSP/Servlet web app?

    Check for testing information via OWASP:
    https://www.owasp.org/index.php/OWASP_Testing_Project
    https://www.owasp.org/index.php/OWAS...le_of_Contents

    If you actually have a grasp of how web applications function and how HTTP works, then you could try browsing the application via a personal proxy and analyzing the details that pass through the proxy for weaknesses.

    Lastly, if you really don't know much about web applications and HTTP, then hire a professional to do a web application VA or penetration test on the web app in question.

    "An expert says that a Java-based application can be bypassed without entering any password."
    If this is really the extent of the details provided by whatever "expert" then they aren't much of an "expert".
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
