White And Black Box Testing Of Lotus Domino Applications presented at OWASP Appsec 2010

by Ari Elias-bachrach, Casey Pike

Tags: Security Application Security SQL

URL : http://www.owasp.org/index.php/White_and_Black_box_testing_of_Lotus_Domino_Applications

Summary : IBM’s Lotus Domino is a unique server platform which requires a unique procedure for both black and white box testing. Many standard attacks such as SQL injection are simply not possible with Domino, although at the same time many other, often more dangerous attacks are possible. A perusal of the commonly used tools reveals that there is very limited coverage of the attacks which are unique to Domino, and very little literature seems to exist. This paper seeks to present the background information on how Domino works, as well as the framework for Domino-specific black and white box testing.

Ari Elias-bachrach: Ari is a CISSP and CEH. He has a BS in computer science from Washington University in St. Louis, and an MS in computer science with a focus on information security from The George Washington University. Previously he worked for the federal government, followed by a stint in the private sector as a consultant performing external penetration testing and web application reviews. Now he works as an in-house information security engineer focusing on web applications.

Casey Pike: Casey is an IBM Certified Advanced System Administrator and an MSCA+. He has a BS in information sciences from the University of Maryland, College Park. After consulting for the federal government and private firms designing and building Lotus Domino environments, he works as an in-house systems engineer for a cooperative financial institution.