01-24-2012 08:53 PM
Our application is based on Oracle forms.I am not able to audit the applictions because the whole applications runs on java applet on a page.
Can someone please clarify how to capture login macro for application is based on java applets and audit the application for security vulnerablities.
thanks in advance
01-25-2012 01:01 PM
I'm not familiar with Oracle Forms. Is there a demo app on the Internet that we can play with to test login macro recording? Have you tried using a session-based macro? How does the browser applet communicate with the server? Is it using standard HTTP or some other out-of-band socket traffic? It's possible, you may need to manually crawl the site and let WebInspect audit the site from that point.
02-07-2012 03:01 AM
Thank you for your reply. To add more to anandan's question, our application is based on Oracle Forms. (http://www.oracle.com/technetwork/developer-tools/
It does not use
After entering the url for the app, a separate window opens for the application as shown.
Now when trying to record a login macro for this, Web Inspect does not recognize the login window. Only the IE window with the original url is detected.
The problem is that the url remains the same no matter what is done in the application. WebInspect does not recognize this.
Any help will be greatly appreciated.
01-02-2014 03:41 PM
I am in a similar situation where I have to record a macro for the login/logout site which requires java plugins. When I try to record a macro it uses the default firefox to record a macro and asks to download the plugin. WOuld you advice if there are any settings that needs to be done for the macro recording for the site that requires java plugins?
01-08-2014 08:37 AM
-- Habeas Data