Exploiting Security Gateways Via Web Interfaces
The security of security software is often taken for granted, and people assume that as it has been developed by a company that knows security it is likely to be secure.
However with regards to Security Gateway UIs this is an incorrect assumption, the developers who design code and test the UI are not necessarily security aware.
Examination of the latest versions of various Security Gateway products for this paper has shown that the Web UI is vulnerable to a number of exploits that could allow an attacker to gain control of the UI. This paper will explore some of the most common vulnerabilities and examine some real-world examples of exploits and how they could be used.
We therefore hope that this paper will act as a useful guide for Penetration Testers, Developers who design product UIs and other security professionals.