Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
vulnerable targets on sharepoint, oracle app express, sap portal,etc?
Posted by: stock99
Date: December 11, 2011 01:29AM

Our company use vendor based web products like "sharepoint", "oracle application express" and "sap portal",etc. I would like to run a thorough security assessment on website built using those solution. At the moment, I only know to use automated tools like nessus to scan for missing OS/software patch and webinspect for general xss/sqli (which is probably webinsepct good at). So, my focus is not just web app security but the underline platform security as well.

I understand that automated tool can only take me so far. So I am wondering if I should build a sample site on each product (above mentioned) and testing out potential security flaws? I did a quick google search and didn't see anyone creating sample target on the 3 products. I guess it is mainly license issue preventing project like owaspbwa including those above mentioned environment? Does anyone across the initiative like owaspbwa but against those vendor product?


Appreciated if anyone can give me some comment. I am pretty new in security and not very good at asking question,please don't feel offend by my no-brainer question.

Thanks.



Edited 1 time(s). Last edit at 12/11/2011 01:29AM by stock99.

Options: ReplyQuote


Sorry, only registered users may post in this forum.