To help ensure that the proper ActiveX security settings are in place in IE, iSEC
Partners created a tool to automate the process. The tool automatically examines the
browser's ActiveX security settings and produces a report that shows
whether best practices are being followed. Complete the following steps to audit the IE
ActiveX security settings:
1. Download SecureIE.ActiveX from www.isecpartners.com/tools.html.
2. Start the program by choosing Start | Programs | iSEC Partners | SecureIE.ActiveX.
3. At the command prompt, type SecureIE.ActiveX.exe.
4. Type the name of the system you wish to check, such as Sonia.Laptop, and press
return. See Figure 8-11.
SecureIE.ActiveX will analyze the IE security settings for ActiveX. Once the analysis
is complete, the tool will print the results to the screen and create an HTML report, as
shown in Figure 8-12.
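The kind of check such an audit performs can be sketched in PowerShell. This is an added example, not code from SecureIE.ActiveX or iSEC Partners: it reads the per-zone ActiveX URL actions that IE stores in the current user's registry hive on the local machine and writes an HTML report. The "must be Disable" baseline and the report file name are assumptions made for illustration, not the tool's rule set.

```powershell
# Added example: read IE's per-zone ActiveX URL actions from the current user's registry hive.
$zonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1405' = 'Script ActiveX controls marked safe for scripting'
}
$policyNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable'; 65536 = 'Administrator approved' }

# ASSUMED baseline (illustrative only): actions that should be set to Disable per zone.
$mustDisable = @{ 3 = @('1004', '1201'); 4 = @('1001', '1004', '1200', '1201', '1405') }

function Get-ActiveXZoneReport {
    foreach ($zone in 0..4) {
        $key = Join-Path $zonesKey $zone
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($id in $actions.Keys) {
            $prop = $props.PSObject.Properties[$id]
            if ($null -eq $prop) {
                # Value absent: IE falls back to the zone's default template.
                $setting = 'Not set'; $raw = $null
            } else {
                $raw = [int]$prop.Value
                $setting = if ($policyNames.ContainsKey($raw)) { $policyNames[$raw] } else { '0x{0:X}' -f $raw }
            }
            [pscustomobject]@{
                Zone    = $zoneNames[$zone]
                Action  = $actions[$id]
                Setting = $setting
                Finding = if (($mustDisable[$zone] -contains $id) -and ($raw -ne 3)) { 'REVIEW' } else { 'ok' }
            }
        }
    }
}

# Print the results to the screen and write an HTML report (file name is an assumption).
$report = Get-ActiveXZoneReport
$report | Format-Table -AutoSize
$report | ConvertTo-Html -Title 'IE ActiveX zone settings' | Set-Content -Path .\activex-report.html
```

The script reads only the per-user zone values; settings enforced through Group Policy are stored separately and are not covered by it.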
Figure 8-11 iSEC Partners' Secure.ActiveX.IE analyzer tool
222 Hacking Exposed Web 2.0
SUMMARY
ActiveX is a technology that has many benefits for web application developers, but with
ultimate power comes ultimate responsibility. ActiveX controls can add, delete, modify,
or update information outside the user's web browser and straight into the operating
system.