[Owasp-testing] Authentication Mechanism

Zaki Akhmad zakiakhmad at gmail.com
Tue Jan 5 22:02:51 EST 2010

On Tue, Dec 29, 2009 at 2:51 AM, chr1x <chr1x at sectester.net> wrote:
> Hash: SHA1
> Hi Zaki,
> I think that you are referring to how to footprint the authentication
> mechanisms used by an application, if this is the one that you are
> looking I would recommend that there are two different type of
> authentication mechanisms (those are not the only ones) but in this
> case, I'll mention those two:
>   1. Apache based auth ->
>      http://httpd.apache.org/docs/2.0/howto/auth.html
>   2. Form based auth (traditional user/password login screen)

...and this authentication mechanism using applet isn't include on
these two. Isn't it? I wonder how this applet transport layer works,
because I can't see the data sent on web proxy (such as paros).


Zaki Akhmad

More information about the Owasp-testing mailing list