[WEB SECURITY] Automated Privilege Escalation Testing in Web Applications - a whitepaper

Ory Segal osegal at watchfire.com
Fri Dec 22 04:57:57 EST 2006

I have recently written a short whitepaper on the subject of automated
Privilege Escalation testing in web applications. The paper covers some
basic Privilege Escalation scenarios and facts, as well as the
challenges of Manual vs. Automated processes.
This whitepaper was written for Watchfire and therefore it also
discusses the new Privilege Escalation testing capabilities in AppScan.
Nevertheless, after consulting with Jeremiah Grossman and Robert Auger,
we thought it would be interesting enough for members of this list,
despite the noted vendor affiliation.
"Automated Privilege Escalation Testing in Web Applications":
Thank you,
Ory Segal,
Director of Security Research
Watchfire (www.watchfire.com)