Steve,

On Mon, Oct 5, 2009 at 3:16 PM, steve jacobs <[email protected]> wrote:
> Out of interest, I'd be interested to know what vulnerabilities show up in
> most apps you review? I guess gaping SQLi flaws are rare in companies with
> decent programmers, but are there some vulnerabilities that show up time and
> time again when you do these security audits? I'm seriously intrigued by
> the w3af framework. What would you say are the top offenders (vulnerability
> wise) that always show up in almost any app?
Well... in my experience, SQL injection is there in at least 65% of the web applications I've tested. I usually test web applications from banks, financial institutions, online carts, etc. for companies in South America and the USA. Also, XSS and local file read are two common vulnerabilities that you'll find in most assessments.

Cheers,

> Thanks,
> Steve J.

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
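The three classes Andrés names above (SQL injection, XSS, local file read), as an added example that is not part of this thread or of w3af: the query-building pattern that lets input reach the SQL parser beside its parameterised form, output encoding for the XSS case, and a canonical-path check for the local file read case. The in-memory table, the document root `/srv/app/public` and the user names are constructed for the example.

```python
import html
import sqlite3
from pathlib import Path
from typing import Optional

# Constructed in-memory table so the example runs offline (not real data).
_db = sqlite3.connect(":memory:")
_db.execute("CREATE TABLE users (name TEXT, role TEXT)")
_db.executemany("INSERT INTO users VALUES (?, ?)",
                [("alice", "admin"), ("O'Brien", "user")])


def lookup_user_unsafe(name: str) -> list:
    """SQL injection pattern: user input is spliced into the SQL text.
    A plain apostrophe in the name already breaks the statement, which is
    the kind of database error an assessment notices before anything else."""
    return _db.execute(
        f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def lookup_user_safe(name: str) -> list:
    """Parameterised query: the input is bound as data, never parsed as SQL."""
    return _db.execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def render_greeting(display_name: str) -> str:
    """XSS mitigation for an HTML body context: encode on output so that
    <, >, &, and quotes in user-controlled text cannot become markup."""
    return f"<p>Hello, {html.escape(display_name, quote=True)}</p>"


# Assumed document root for the file-serving check below (hypothetical path).
DOC_ROOT = Path("/srv/app/public")


def resolve_public_path(requested: str) -> Optional[str]:
    """Local file read mitigation: canonicalise the requested path and refuse
    anything that does not stay inside DOC_ROOT once '..' segments, absolute
    paths and symlinks are resolved. Returns the path to serve, or None."""
    candidate = (DOC_ROOT / requested).resolve()
    try:
        candidate.relative_to(DOC_ROOT.resolve())
    except ValueError:
        return None
    return str(candidate)
```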
