Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: looking for a webapp bruteforce video for non-techies

RE: looking for a webapp bruteforce video for non-techies

From: Martin O'Neal <martin.oneal_at_corsaire.com>
Date: Tue, 3 Jun 2008 17:01:29 +0100

> It didn't help that the password was only 5
> characters!

That may not actually be such a bad password (on balance and in
context). Sure it is a dictionary/leet word variant, but five
characters actually carry plenty of entropy (if mixed case and numerics
are also used). However, if you have an authentication mechanism that
doesn't lock out an account and *allows* brute forcing, it doesn't
really matter how strong the password is; given enough
universe-lifetimes an attacker will always guess it eventually.

Choose your battle wisely. Choose to fight the broken auth.

Martin...

PS I don't have a brute forcing clip, but I do have a video of my
cousin's dog catching a frisbee if you're interested

-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Jun 03 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]