Why I hate web app pentesting...

Anyone who knows me knows I'm not a fan of web apps, and here's why. They might notice that...

Trackback URL for this post:

http://carnal0wnage.attackresearch.com/trackback/383

Comments

Watching logs

It only pays to watch access logs if you have a small amount of traffic to begin with. Do you think amazon.com would notice an average daily difference of 5k hits? I'd bet a paycheck that's within the realm of random fluctuations in their normal traffic. The problem CG is highlighting is also due to the shortened timescale of pentests. There's nothing preventing a real attacker from spreading those extra 30k hits over several months instead of just the week or two that a pentester has.
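The point above is about signal versus noise in aggregate request volume, so here is a small added example (not from the post or from the commenter) that makes it concrete. It parses combined-format access log lines into per-day counts, then flags days that sit more than three standard deviations above a baseline. The log lines and the daily totals are constructed, the site size (roughly 2,000 hits on a weekday, 1,200 on a weekend day) and the 3-sigma threshold are assumptions, and the 30k extra hits are taken from the comment: delivered in one week they light up every day of that week; spread over four months they never cross the threshold.

```python
import re
import statistics
from collections import Counter
from datetime import date, timedelta

# Apache/nginx "combined" format; only the day part of the timestamp is needed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>\d{2}/\w{3}/\d{4}):[^\]]+\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3})'
)

# Constructed sample lines (not from any real server) to exercise the parser.
SAMPLE_LOG = [
    '10.0.0.7 - - [10/Mar/2009:13:55:36 -0500] "GET /index.php?id=1 HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    "10.0.0.7 - - [10/Mar/2009:13:55:37 -0500] \"GET /index.php?id=1' HTTP/1.1\" 500 512 \"-\" \"Mozilla/5.0\"",
    '10.0.0.7 - - [10/Mar/2009:13:55:38 -0500] "GET /index.php?id=1%20or%201=1 HTTP/1.1" 200 4410 "-" "Mozilla/5.0"',
    '192.168.3.9 - - [11/Mar/2009:08:02:11 -0500] "GET /about.html HTTP/1.1" 200 1020 "-" "curl/7.19"',
    "garbage line that is not in combined format",
]


def daily_counts(lines):
    """Count requests per calendar day from combined-format access log lines."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # skip malformed lines instead of crashing on them
            counts[m.group("day")] += 1
    return counts


def flag_days(baseline, observed, z=3.0):
    """Return the days in `observed` whose hit count exceeds
    baseline mean + z * baseline standard deviation (z=3 is an assumption)."""
    values = list(baseline.values())
    threshold = statistics.mean(values) + z * statistics.pstdev(values)
    return sorted(day for day, n in observed.items() if n > threshold)


def synthetic_traffic(start, days):
    """Constructed daily totals for a small site: ~2000 hits on weekdays,
    ~1200 on weekends, plus deterministic jitter of +/-50 so the baseline
    has some spread without any randomness."""
    out = {}
    for i in range(days):
        d = start + timedelta(days=i)
        base = 1200 if d.weekday() >= 5 else 2000
        out[d.isoformat()] = base + (i * 37) % 101 - 50
    return out


def add_extra_hits(traffic, total, span_days):
    """Spread `total` extra requests evenly over the first `span_days` days."""
    out = dict(traffic)
    per_day = total // span_days
    for day in sorted(out)[:span_days]:
        out[day] += per_day
    return out


def compare(total_extra=30000):
    """Same 30k extra hits, two timescales: a one-week pentest versus an
    attacker who spreads them over four months. Returns (burst_flags, slow_flags)."""
    start = date(2009, 1, 5)  # a Monday
    baseline = synthetic_traffic(start - timedelta(days=60), 60)  # 60 quiet days before
    window = synthetic_traffic(start, 120)                        # 120 days under observation
    burst = add_extra_hits(window, total_extra, 7)
    slow = add_extra_hits(window, total_extra, 120)
    return flag_days(baseline, burst), flag_days(baseline, slow)


if __name__ == "__main__":
    print("per-day counts from sample log:", dict(daily_counts(SAMPLE_LOG)))
    burst_flags, slow_flags = compare()
    print("days flagged, 30k hits in one week:  ", burst_flags)
    print("days flagged, 30k hits over 120 days:", slow_flags)
```

The takeaway is the one the comment makes: a daily-volume alarm catches the pentester's week-long burst and misses the patient attacker entirely. On a site doing 5k hits a day of natural fluctuation, even the burst would sit inside the noise, which is why per-source or per-URL aggregation (the first three sample lines all come from one address hammering one parameter) is a better signal than total volume.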

Watching logs

And this is why it pays to watch logs...