Security Basics mailing list archives
Re: Vuln Scanner for Web App Source Code
From: Christian Nanne <cnanne () gmail com>
Date: Mon, 19 May 2008 15:08:46 -0700
Thanks everybody for the prompt responses. I will give some of the tools a try and see how it goes from there.
On May 19, 2008, at 3:01 PM, Dan Denton wrote:
I'd highly recommend Paros Proxy for this task. We've used it with success in locating pages vulnerable to XSS and SQLI. The product acts as a proxy server, and also has a spider program built in. Once you've accessed the pages you want to access, you can use the spider to crawl the rest of the site, then run Paros's report program to analyze the results.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Paul J. Brickett
Sent: Monday, May 19, 2008 9:10 AM
To: cnanne () gmail com
Cc: security-basics () securityfocus com; security-basics-return-49117 () securityfocus com
Subject: Re: Vuln Scanner for Web App Source Code

Acunetix Web Vulnerability Scanner will somewhat do this - it will attempt to manipulate various variables it detects in the pages you're scanning, then point out which variables in your source are susceptible to unsanitized input, cross site scripting, etc.

That said, if you have the time, doing this manually is the superior method. :)

-PJB

On Sun, 18 May 2008, cnanne () gmail com wrote:

This might be a bit of a dumb question, but does anyone know of a good Vulnerability Scanner for finding faults in the actual Source Code of the Web App? Or can this task only be done by hand?

Any feedback on this is highly appreciated.

cheers,
PhoenixRbrth