Anyone have any experience pen testing web servers protected by WatchGuard's AppLock/Web product? Anyone know of any known issues, achilles heels, etc., with this app? I would imagine the goal would be to first try to in some way kill the WatchGuard service. Obviously, the WatchGuard app must try to protect itself against the typical remote O/S and web server vulnerabilities. I had heard thru a friend about a similar attack that someone had used against a MEMCO SEOS protected server, in that they somehow successfully clobbered/killed the SEOS service, and then were off to the races. I suppose one method might be to try to back-hack the box the web server admin uses, and then leverage that access to take out the WatchGuard software & web server. Any other ideas?? Particularly related to the software itself? - Mike __________________________________________________ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Jan 04 2002 - 10:50:34 PST