Web Application Footprints and Discovery
Author: Shreeraj Shah, net-square
Monday, 28 February 2005, 12:00 GMT
Reader Comments | Add your opinion
Web application assessment begins with IP address and ports (80/443) – this is very common practice. But there is flaw in this method.
What if a web server is running with multiple virtual hosts? In other words, one server is running more than one web application.
In such a scenario, a web application assessment done on such IP/Port combinations may fail and produces partial results. Doing a reverse DNS on the IP and using it as HOST field in HTTP is an option, but may also fail most of the time. So, where does the solution to this problem lie? The solution lies in the WHOIS information database and DNS server.
This paper describes how to fetch this information and follow up with the discovery process for web applications.
Read the full paper in PDF here
 Add IT Observer Reviews to your
RSS newsreader or
Reader Comments:
|
Featured Products
Hi-WiFi - WiMax, 3G and Wireless
broadband technologies blog.
SecurityWatch - 24x7 Advisory and Vulnerabilities automated monitoring service.
GFI LANguard Network Security Scanner - Network-wide security vulnerability scanning & fixing - Free version available.
Network Security Software - Sponsored by GFI.
|
