2010.01.22
Last Wednesday I started my first penetration test of a web application. I have to be very careful since it’s a production environment, but I have already discovered authorization problems as well as a failure in the authentication mechanism due to badly configured redirections.
The penetration test is scheduled to run over a period of one month. Two approaches are being used, black box and white box. I’m doing the black box approach, while my superior and colleague will be doing the white box approach. I will post the juicy details at the end, after the report has been delivered to the client.