We do a basic automated health check, testing to see if the demo apps are installed, checking that the jserv port isn't open to remote access, etc.

If you need more than a generic evaluation, then you need a non-automated (i.e. human) service.

Things to look at include:
1) Analyze what you are protecting: data, brand name, downstream liability.
2) Make sure all input is validated on the server side.
3) Make sure that strings from the client can't escape and execute arbitrary SQL/programs.
4) Make sure any cookies you use are non-guessable; use random numbers, and then index into a server-side table.

Our view (but we are biased!) is that you need a regular (low-cost) automated check-up, and a one-off (expensive) consultant's review.

Tim.
kishore <[EMAIL PROTECTED]> wrote:
__________
>Is there any testing tool to check performance and security over
>a web server for a developed web application?
>___________________________________________________________________________
>To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>of the message "signoff SERVLET-INTEREST".
>
>Archives: http://archives.java.sun.com/archives/servlet-interest.html
>Resources: http://java.sun.com/products/servlet/external-resources.html
>LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
http://www.westpoint.ltd.uk/
Internet reconnaissance services.
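
Point 4 of the reply above (random, non-guessable cookie values that index into a server-side table), as an added example that is not part of the original message. The class name `SessionTable`, the 30-minute lifetime and the sample user are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: hypothetical class, not code from the original thread.
public class SessionTable {
    // Server-side record; none of these fields is ever sent to the client.
    record Session(String user, long expiresAtMillis) {}

    private static final SecureRandom RNG = new SecureRandom();
    private static final long TTL_MILLIS = 30 * 60 * 1000L; // assumed 30-minute lifetime
    private final Map<String, Session> table = new ConcurrentHashMap<>();

    // Create a session and return the opaque value to place in the cookie.
    public String create(String user, long nowMillis) {
        byte[] raw = new byte[16];               // 128 bits from a CSPRNG
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        table.put(token, new Session(user, nowMillis + TTL_MILLIS));
        return token;
    }

    // Resolve a cookie value to a user, or null if unknown, malformed or expired.
    public String lookup(String cookieValue, long nowMillis) {
        if (cookieValue == null || cookieValue.length() != 22) return null; // 16 bytes -> 22 chars
        Session s = table.get(cookieValue);
        if (s == null) return null;
        if (nowMillis >= s.expiresAtMillis()) {
            table.remove(cookieValue);           // drop stale entries on access
            return null;
        }
        return s.user();
    }

    // Remove the server-side entry at logout so the cookie value becomes useless.
    public void invalidate(String cookieValue) { if (cookieValue != null) table.remove(cookieValue); }

    public static void main(String[] args) {
        SessionTable sessions = new SessionTable();
        long now = System.currentTimeMillis();
        String cookie = sessions.create("alice", now);   // constructed sample user
        System.out.println("valid lookup: " + sessions.lookup(cookie, now));
        System.out.println("guessed id:   " + sessions.lookup("1001", now));
        System.out.println("after expiry: " + sessions.lookup(cookie, now + TTL_MILLIS));
        sessions.invalidate(cookie);
    }
}
```

The cookie carries only the random token; the user name and expiry stay in the server-side map, so a client that edits or guesses a cookie value gets no session.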