Security Basics mailing list archives
Re: Web Application Testing
From: "M. Groen" <mgroen0 () xs4all nl>
Date: Wed, 9 May 2007 08:42:39 +0200 (CEST)
Thanks for the clear explanation. One other question, does anyone happen to know if there are sites on which you can try "pen testing" products, like WebInspect, or Hailstorm? I mean a "playground" on which it is allowed to do pen-testing (and make mistakes)?

Mathijs
Thank you very much for the feedback. It is really much appreciated. I will go after Chris's suggestion (SpyDynamics) if budget allows it. Mesut, have you tried Acunetix Vulnerability Scanner?

Thanks again,
Fabio

On 5/8/07, Chris Barber <cmbarber () gmail com> wrote:

SpyDynamics has a package that does just what you described. I have used it in the past and it works great. In fact, I used it on a COTS package that my company was thinking about using and we found a huge flaw in the way it handled userids passwords. We notified the publisher and they were non-believers until we demoed the flaw to them in person. They fixed the problem immediately, and we eventually did buy the package, after a retest with SpyDynamics' tool.

Chris.

On 5/8/07, Fabio Cerullo <fcerullo () gmail com> wrote:

Hello all, is there any guide/tool which could help someone to do a web application security assessment? I mean... an automated tool that you could fire against the app. and will give you a report or some kind of checklist to go through in order to reinforce security. I remember from old days to have used Webtrends but I don't know if there is something new in the market. Any help will be really appreciated.

Thank you very much.
Fabio