Re: Web Application Testing

["M. Groen" <mgroen0 () xs4all nl>]

Thanks for the clear explanation.

One other question, does anyone happen to know if there are sites on which
you can try "pen testing" products, like WebInspect, or Hailstorm? I mean
a " playground" on which it is allowed to do pen-tensting (and make
mistakes)?

Mathijs


> Thank you very much for the feedback. It is really much appreciated.
>
> I will go after Chris suggestion (SpyDynamics) if budget allows it.
>
> Mesut, have you tried Acunetix Vulnerability Scanner?
>
> Thanks again,
>
> Fabio
>
> On 5/8/07, Chris Barber <cmbarber () gmail com> wrote:
> > SpyDynamics has a package that does just what you described.  I have
> > used it in the past and it works great.  Infact, I used it on a COTS
> > package that my company was thinking about using and we found a huge
> > flaw in the way it handled userids passwords.  We notified the
> > publisher and they were non-believers until we demoed the flaw to them
> > in person.  They fixed the problem imediately, and we eventually did
> > buy the package, after a retest with SpyDynamics' tool.
> >
> > Chris.
> >
> > On 5/8/07, Fabio Cerullo <fcerullo () gmail com> wrote:
> > > Hello all,
> > >
> > > is there any guide/tool which could help someone to do a web
> > > application security assessment?
> > >
> > > I mean... an automated tool that you could fire against the app. and
> > > will give you a report or some kind of checklist to go through in
> > > order to reinforce security.
> > >
> > > I remember from old days to have used Webtrends but i don't know if
> > > there is something new in the market.
> > >
> > > Any help will be really appreciated.
> > >
> > > Thank you very much.
> > >
> > > Fabio