When testing any of the web objects and APIs, pay particular attention to how incoming parameters are validated against the vulnerabilities described by OWASP. Refer to the
OWASP online documentation (especially the current Top 10 list) and
how Theatre Manager addresses those as part of coding and testing the web components.
The objects pertinent to web listeners are:
- Anything that starts with 'oWebCom' - each of which represents a unique API to the database from the web
- wWebSales - which is the GUI interface to the web component
- rtWebSales - which is the remote task started every time an end user sends a URL to the Apache server.
The web sales listener can only respond to traffic sent to it via the nginx module.
- cWebSales - the broker for transferring messages to/from the interface and any instance of a web object that was created