APPLICATION PENETRATION TEST SUPER VEDA

More documents

Recommendations

Info

Application Penetration Test for Super Veda- Sample Report -Now the attacker heads towards the comment page, where he addscomment by his name.Later on, when a user logs into a page including the name of the attacker,for instance the product’s comments page, he will receive, from the server,the script code embedded in the commenting user’s first name.ImpervaPage70 of73
Application Penetration Test for Super Veda- Sample Report -Script Injection using the Comment PageAnother page where an attacker can know that any visiting innocent userwill surely view is the comments page. Injecting a script into that page,again, would result in attacking any visiting client, since the commentscode is saved on the server-side, and sent to a visiting user.The attacker can add comment that include a malicious code to any of theproducts in the site.A visiting user choosing to view the product’s comment would be receivingthis script code, and run it on his machine, enabling the attacker to havefiles sent to the 'attacker’s machine, install Trojans on the clients, and othermalicious attacks.ImpervaPage71 of73
Page 1 and 2:
APPLICATION PENETRATION TESTSUPER V
Page 3 and 4:
REFERENCESREF DOCUMENT VERSION DATE
Page 5 and 6:
5.6 Script Injection into User’s
Page 7 and 8:
Application Penetration Test for Su
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20: Application Penetration Test for Su
Page 69: Application Penetration Test for Su
Page 73: Application Penetration Test for Su
show all

APPLICATION PENETRATION TEST SUPER VEDA

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?