EC-Council Licensed Penetration Tester
Test: Application Penetration Testing
Penetration Tester: ____________________________
Organization: ________________________________
Date: _______________ Location: ________________
Confidential 1 Template APT/28
Test 1: Fingerprinting the Web Application Environment
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 2: Investigate the Output from HEAD and OPTIONS HTTP Requests
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 3: Investigate the Format and Wording of 404/Other Error Pages
Website URL:_____________________________________________________________________
Error message:_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Error message:_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Error message:_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________________________________
Test 4: Test for Recognized File Types/Extensions/Directories
Website URL:_____________________________________________________________________
Recognized common file types/extensions/directories: _____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
___
Test 5: Examine Source of Available Pages
Website URL:_____________________________________________________________________
Source code of the page:
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
_________________________________________________________________________________
Test 6: Manipulate Inputs in Order to Elicit a Scripting Error
Website URL:_____________________________________________________________________
Manipulated input:_____________________________________________________________________
Scripting error message:_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
________________________
Test 7: Test Inner Working of a Web Application
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 8: Test Database Connectivity
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 9: Test the Application Code
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 10: Test the Use of GET and POST in Web Application
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 11: Test for Parameter-Tampering Attacks on Website
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________Confidential 11 Template APT/28
EC-Council Licensed Penetration TesterTest 12: Test for URL Manipulation
Website URL:_____________________________________________________________________
Modified URL:__________________________________________________________________________________________
__________________________________________________________________________________________
___________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
______________________________
Test 13: Test for Cross Site Scripting
Website URL:_____________________________________________________________________Confidential 12 Template APT/28
EC-Council Licensed Penetration TesterTool used:
Paros proxy Fiddler Burp proxy TamperIE
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
______
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
_____________________________________________
Test 14: Test for Hidden Fields
Website URL:_____________________________________________________________________
Hidden fields discovered:_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
___________________________________________________
Test 15: Test for Cookie Attacks
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 16: Test for Buffer Overflows
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 17: Test for Bad Data
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 18: Test Client-Side Scripting
Website URL:_____________________________________________________________________
Injected code: _____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
___________________________________________________
Test 19: Test for Known Vulnerabilities
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________Confidential 18 Template APT/28
EC-Council Licensed Penetration TesterTest 20: Test for Race Conditions
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 21: Test with User Protection via Browser Settings
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 22: Test for Command Execution Vulnerability
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 23: Test for SQL Injection Attacks
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 24: Test for Blind SQL Injection
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 25: Test for Session Fixation Attack
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 26: Test for Session Hijacking
Target users’ IP addresses:__________________________________________________________________________________________
__________________________________________________________________________________________
___________________________
Decommissioning of the host (DoS) is done: Yes [ ] No [ ]__________________________________________________________________________________________
__________________________________________________________________________________________
___________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
___________________________________________________
Test 27: Test for XPath Injection Attack
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 28: Test for Server Side Include Injection Attack
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 29: Test for Logic Flaws
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 30: Test for Binary Attacks
Website URL:_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________
Test 31: Test for XML Structural
Website URL:_____________________________________________________________________
Malformed XML message:
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
______________________________________________________
Parameter validated:
Enumeration
fractionDigits
Length
maxExclusive
maxInclusive
maxLength
minExclusive
minInclusive
minLength
Pattern
totalDigits
whiteSpace
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
_________________________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
_________________________________________________________
Test 32: Test for XML Content-level
Website URL:_____________________________________________________________________
Tool used:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
___________________________________________________________________________
Modified parameters:
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
___________________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
____________________________________________________________
Test 33: Test for WS HTTP GET Parameters/REST Attacks
Website URL:_____________________________________________________________________
HTTP GET query strings tested:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
______________________________________________________
Validate parameters:
Maximum length and minimum length
Validate payload
Implement "exact match", "known good" and "known bad" in order
Validate parameter names and existence
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
___________________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
_________________________________
Test 34: Test for Malicious SOAP Attachments
Host server’s URL:_____________________________________________________________________
Web Service Definition Language (WSDL) that accepts attachment:
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
______
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
________________________________________________________________________
Test 35: Test for WS Replay
Proxy tool used for WS Replay:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
______
Sniffer used to capture traffic:_____________________________________________________________________
Host server address:
_____________________________________________________________________
Test Results:__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
________________________