Any specific ideas for testing .NET/C#/Dynamics CRM customizations with ZAP?


Anssi Porttikivi

Nov 28, 2017, 2:58:31 AM
to OWASP ZAP User Group
That's what I am about to do. I have more experience with Burp...

guttula

Nov 29, 2017, 6:16:19 AM
to OWASP ZAP User Group
About the .NET, I can only recommend to try and locate the most clearly custom components and test those.
If this is more about the transitioning from other tools, then do what you would usually do, and if there is something you are lacking it's probably just named differently, packaged into an extension or done in an easier/harder/different way than with other tools. The core help on GitHub and searches on this board are the ones that helped me the most. Finns and IRC are quite a common combo, so I'll at least mention #webse...@irc.mozilla.org

kingthorin+owaspzap

Nov 29, 2017, 7:04:07 AM
to OWASP ZAP User Group
Great advice guttula.

Of course if there’s something you still can’t find or figure out how to do just let us know.

Anssi Porttikivi

Nov 29, 2017, 7:19:37 AM
to OWASP ZAP User Group
Thx for hints. Yes, indeed I am focusing on the customizations.

I will have to do a source code review for them, too. I guess the biggest work is to understand the .NET framework logic, the Dynamics CRM basic logic, its security controls, and how you can possibly blow that in a bad customization.

I was just probing, if ZAP would have some nice .NET/MS/C#/DynamicsCRM specific add-ons, or just procedures that map to these. Starting from VIEWSTATE analysis. 

I collect related stuff here https://pinboard.in/u:gatestone/t:dotnet/
