A good place to look.... well in researching so many new texts on web app vulnerabilities, they all rightfully begin with the "fingerprinting" of the application to not only understand how it works but with what technologies it depends upon. This may not be much of a revelation to some but it was a bit of a "....why didn't I think of that before..." to me. I was poking around a job board reading potential employment opportunities and in reading a specific job description (all of them had this trait in fact) I realized that the employer, in giving it's ideal candidate prerequisites, also gave all of the technologies it currently uses! It said something like this:
Ideal Qualifications:
BS degree in Computer Science or related discipline preferred.
Strong knowledge and proficiency for system administration and concepts for software utilized in HP Peregrine Service Center, HP Peregrine Asset Center and MS SQL Server.
ITIL experience with and/or ITIL certification
Bank operations and proven project management experience is a plus
Prior operational experience in a support position and/or in a position requiring a high level of technical customer service.
Strong organizational abilities
So I now know that this employer uses HP Peregrine Service Center, HP Peregrine Asset Center and MS SQL Server... (which is really nice to know so that I do not waste time trying to inject the incorrect SQL syntax if they are in fact vulnerable to SQL Injection) and it goes without saying that if you do not know what the technologies are you can easily Google for the latest vulnerabilities. I searched through additional job postings and they did the same in all of them, effectively "fingerprinting" their entire technology network for me! Who needs tools (just kidding)... again so much of hacking boils down to you, not the tools that you have, for YOU are the most powerful tool in your arsenal!
No comments:
Post a Comment