[Owasp-testing] Authentication Mechanism

Zaki Akhmad zakiakhmad at gmail.com
Tue Jan 5 22:02:51 EST 2010


On Tue, Dec 29, 2009 at 2:51 AM, chr1x <chr1x at sectester.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Zaki,
>
> I think that you are referring to how to footprint the authentication
> mechanisms used by an application, if this is the one that you are
> looking I would recommend that there are two different type of
> authentication mechanisms (those are not the only ones) but in this
> case, I'll mention those two:
>
>   1. Apache based auth ->
>      http://httpd.apache.org/docs/2.0/howto/auth.html
>   2. Form based auth (traditional user/password login screen)

...and this authentication mechanism using applet isn't include on
these two. Isn't it? I wonder how this applet transport layer works,
because I can't see the data sent on web proxy (such as paros).

-za,

-- 
Zaki Akhmad


More information about the Owasp-testing mailing list