[Owasp-testing] Authentication Mechanism

Jean-Jacques Halans halans at gmail.com
Tue Jan 5 22:14:34 EST 2010


Account data hardcoded in the applet?


2010/1/6 Zaki Akhmad <zakiakhmad at gmail.com>

> On Tue, Dec 29, 2009 at 2:51 AM, chr1x <chr1x at sectester.net> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hi Zaki,
> >
> > I think that you are referring to how to footprint the authentication
> > mechanisms used by an application, if this is the one that you are
> > looking I would recommend that there are two different type of
> > authentication mechanisms (those are not the only ones) but in this
> > case, I'll mention those two:
> >
> >   1. Apache based auth ->
> >      http://httpd.apache.org/docs/2.0/howto/auth.html
> >   2. Form based auth (traditional user/password login screen)
>
> ...and this authentication mechanism using applet isn't include on
> these two. Isn't it? I wonder how this applet transport layer works,
> because I can't see the data sent on web proxy (such as paros).
>
> -za,
>
> --
> Zaki Akhmad
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>



-- 
Jean-Jacques Halans

================================
> http://Halans.com/
> http://Mapanui.com/
> http://SocialRecommendator.com/
> http://TweetFrameApp.com/
> http://NextSydneyFerry.com/
> http://ShortBackFocus.com/
> http://OfficialUnofficialPhotographer.com/
> http://FirefoxRocks.com/
> http://RedCrates.com/
================================
"Great minds discuss ideas. Average minds discuss events. Small minds
discuss people."
- Eleanor Roosevelt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20100106/bca5c7cd/attachment.html 


More information about the Owasp-testing mailing list