Figure 8-5 shows the hidden method, as indicated by the ActiveX.stream text at the
top of the page and www.isecpartners.com on the browser's status bar.
Testing for ActiveX Security
Now that you understand the basics of ActiveX security controls, it is important to test
the controls to verify their security. The following section describes how to test for the
security flaws described in the preceding sections. It covers both manual procedures
and automated tools for performing the testing.
Figure 8-4 ActiveX.stream results
Chapter 8: ActiveX Security 213
Automated Testing with iSEC's SecurityQA Toolbar
The testing process for ActiveX COM objects on web applications is often cumbersome
and complex. To ensure that ActiveX controls get the proper security attention, iSEC
Partners' SecurityQA Toolbar provides a feature to test ActiveX controls for security. The
SecurityQA Toolbar is a security testing tool for web applications. It is often used
by developers and QA testers to determine an application's security, both for a specific
section of an application and for the entire application.
The SecurityQA Toolbar provides many features to test for web application security,
including several Web 2.