Practical Web Application Security Testing - Secure Java: For Web Application Development

Java Reference

In-Depth Information

80/tcp open http Microsoft IIS webserver 6.0

|_ html-title: Example Dot.com | Home

110/tcp open pop3 MailEnable POP3 Server

|_ pop3-capabilities: USER TOP UIDL

135/tcp filtered msrpc

139/tcp filtered netbios-ssn

443/tcp open ssl/http Microsoft IIS webserver 6.0

|_ html-title: 403 Forbidden

|_ sslv2: server still supports SSLv2

445/tcp filtered microsoft-ds

1022/tcp filtered unknown

1023/tcp filtered netvenuechat

1025/tcp open msrpc Microsoft Windows RPC

3306/tcp open mysql?

3389/tcp open microsoft-rdp Microsoft Terminal Service

3914/tcp open msrpc Microsoft Windows RPC

8009/tcp open ajp13?

8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1

|_ html-title: Apache Tomcat/5.5.4

8099/tcp open http Microsoft IIS webserver 6.0

|_ html-title: The page must be viewed over a secure channel

8402/tcp open http Microsoft IIS webserver 6.0

|_ html-title: Plesk Site Builder

8443/tcp open http Apache httpd 2.0.52 (mod_ssl/2.0.46 OpenSSL/0.9.7b

PHP/4.3.4)

|_ html-title: 400 Bad Request

Device type: general purpose

Running: Microsoft Windows 2003

OS details: Microsoft Windows Server 2003 SP1 or SP2

Service Info: Host: win1.interactivedns.com; OS: Windows

WHOIS Internet Web sites also provide basic information about the type of server that the

Web application is hosted on. For example, the Web site whois.domaintools.com provides details

about the IP address of the server and the type of Web server that the Web application has been

hosted on. Figure 12.7 illustrates the use of an Internet Web site to gain information about the

server and operating system details about a target host.

SSL information is also a signiicant information-gathering tool for Web application security

testing. A tester should gather information about the SSL certiicate to ensure that it is strong. he

tester should deploy software like HTTPrint to enumerate the strength of the SSL certiicate being

deployed to protect the organization's Web application.

12.2.1.3 Spidering

Web spidering is a useful information-gathering tool on the Web. Web applications usually tend

to consist of several pages that are present in several directories in the server's public folder. hese

pages are part of the Web application and may be used for the performance of several activities

of the application. A Web spidering tool provides the directory structure of the Web application.

It recursively locates folders and iles of the Web application and displays the output to the user.

Some Web spidering tools also provide additional information that is very useful to the tester.

Some of the additional information is that the spidering tool will query the Web page and will

Secure Java: For Web Application Development

Search WWH ::

Custom Search

Home