0 tests such as ActiveX security. The toolbar can help ensure that
an ActiveX control on a web application is using proper security standards, such as the
use of signed controls, not marking controls safe for scripting, not marking controls safe
for initialization, and ensuring SiteLock is used.
To test the security of an ActiveX control, complete the following steps:
1. Visit www.isecpartners.com/SecurityQA Toolbar and request an evaluation
copy of the product.
2. After installing the toolbar, visit the web application containing the ActiveX
control.
3. After installing the control, select Code Handling | ActiveX Testing. See Figure 8-6.
Figure 8-5 ActiveX.stream with hidden method
214 Hacking Exposed Web 2.0
4. The SecurityQA Toolbar will automatically check for the proper security
properties within the ActiveX control. Specifically, the SecurityQA Toolbar will
automatically check for the following items:
• SiteLock
• Signed Controls
• Initialization Security
• Scripting Security
5. Once the SecurityQA Toolbar has completed its checks, view the report by choosing
Reports | Current Test Results. The SecurityQA Toolbar will then display all
security flaws found from the results in the browser (Figure 8-7).
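Three of the four properties listed in step 4 can also be checked by hand on a Windows host where the control is installed. The PowerShell below is an added example, not code from the book or from the SecurityQA Toolbar: the function name Test-ActiveXControl and the CLSID in the usage comment are placeholders, and it assumes the control registers an InprocServer32. It reads only the registry markings and the Authenticode signature, so a control that declares itself safe at run time through IObjectSafety, or that uses SiteLock (which is compiled into the control), still has to be reviewed separately.

```powershell
# Added example: report the registry safety markings and signature of one ActiveX control.
# Component category IDs that mark a control safe for scripting / safe for initialization.
$CatSafeScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C4A0C}'
$CatSafeInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C4A0C}'

function Test-ActiveXControl {
    param([Parameter(Mandatory)][string]$Clsid)

    $base = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    if (-not (Test-Path -LiteralPath $base)) { throw "CLSID $Clsid is not registered" }

    # Safety markings live under the control's "Implemented Categories" key.
    $cats = "$base\Implemented Categories"
    $safeScript = Test-Path -LiteralPath "$cats\$CatSafeScripting"
    $safeInit   = Test-Path -LiteralPath "$cats\$CatSafeInitializing"

    # The default value of InprocServer32 is the path to the DLL/OCX on disk.
    $path = $null
    $key  = Get-Item -LiteralPath "$base\InprocServer32" -ErrorAction SilentlyContinue
    if ($key) {
        $raw = [string]$key.GetValue('')
        if ($raw) { $path = [Environment]::ExpandEnvironmentVariables($raw).Trim('"') }
    }

    # Authenticode status of the binary: Valid, NotSigned, HashMismatch, and so on.
    $sigStatus = 'BinaryNotFound'
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sigStatus = (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
    }

    [pscustomobject]@{
        Clsid               = $Clsid
        Binary              = $path
        Signed              = ($sigStatus -eq 'Valid')
        SignatureStatus     = $sigStatus
        SafeForScripting    = $safeScript   # finding when True
        SafeForInitializing = $safeInit     # finding when True
    }
}

# Usage (placeholder CLSID; substitute the control under test):
# Test-ActiveXControl -Clsid '{00000000-0000-0000-0000-000000000000}' | Format-List
```

A control that reports Signed as False, or either of the two safety markings as True, corresponds to the findings the checklist in step 4 is looking for.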