April 2011
Intermediate to advanced
500 pages
16h 12m
English
Content preview from Developer's Guide to Web Application Security
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
■
Based on the results of the scans and the information discovered upon con-
necting with the target’s HTTP service, we know a number of elements
that will aid us in our attack plan:
■
The target system OS Microsoft 2000 Server
■
The target system services FTP, telnet, SSH, Finger, HTTP, IMAP
■
The Web server Microsoft IIS v5.0
With these three elements in mind, we can consult our own personal database of
vulnerabilities or similar databases on the Web such as the Common Vulnerabilities
and Exposures site (http://cve.mitre.org/cve), the vulnerability database and Bugtraq
archives at SecurityFocus (www.securityfocus.com), or the listings of exploits avail- ...