[Owasp-ireland] Pen Testing Oracle Forms App

Fabio Cerullo fcerullo at owasp.org
Wed May 14 08:21:25 UTC 2014


Leo

This might help:

http://oldmanlab.blogspot.ie/2013/07/oracle-forms-application-security.html?m=1

Fabio

On Wednesday, May 14, 2014, Eoin Keary <eoin.keary at owasp.org> wrote:

> What issues are you having with Burp/Zap? I've tested oracle forms using
> both tools.
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 14 May 2014, at 09:06, Leo McCavana <leomccavana at hotmail.com<javascript:_e(%7B%7D,'cvml','leomccavana at hotmail.com');>>
> wrote:
>
> Hello Folks,
>
> I've been asked to take a look at pen testing an Oracle Forms app.  Bit of
> a departure from the usual web apps/services/mobile gig.  Does anybody have
> any advice about getting Oracle Forms to play ball with Burp (or ZAP)?
> It's running inside a web browser - and utilizes 'Oracle Fusion Middleware
> Forms Services'.  Given that modifying my browser proxy settings doesn't
> seem to work, I'm thinking about modifying my local hosts file to funnel
> traffic to Burp.  Has anybody done that for an Oracle Forms app?
>
> Also, if there is any specific 'gotchas' I need to be aware of when
> looking at Oracle forms, I'd be interested to learn from anybody who has
> been there and bought the t-shirt! :-)  I've had a really quick look on
> Google and there doesn't seem to be a great deal of stuff out there.
>
> Any and all recommendations would be much appreciated!
>
> Thanks,
>
> Leo
>
> _______________________________________________
> Owasp-ireland mailing list
> Owasp-ireland at lists.owasp.org<javascript:_e(%7B%7D,'cvml','Owasp-ireland at lists.owasp.org');>
> https://lists.owasp.org/mailman/listinfo/owasp-ireland
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-ireland/attachments/20140514/9bd162e1/attachment.html>


More information about the Owasp-ireland mailing list