Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Required Help on Automated Tools

From: "Leverett, Eireann (GE Infra, Energy)" <eireann.leverett () ge com>
Date: Wed, 15 Oct 2008 12:02:34 +0200
 
Noxious,

SQL-Injection and XSS can be tested with ServiceTest by HP/Mercury. You will
still need to write some aspects of the scripts yourself, but much of the
basic overhead is done for you, assuming your webservices have WSDLs defined
and you can get at them. 

Essentially, I would recommend this tool for source-code assisted/white box
testing. If you are looking for a black box testing tool (which I suspect
you are), use something else.

Éireann Leverett CSSA

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Vin Oxious
Sent: 14 October 2008 19:33
To: pen-test () securityfocus com
Subject: Required Help on Automated Tools

Hello Everyone,

                               Greetings !! ..Can you please list me some
tools that would allow automated testing of the below ...  ( while I have
already got a few tools .. just wanted to know if there are some good ones )
..

SQL Injection -

XSS -

Improper Session Management -

URL Access -

Direct Object Reference -


regards,
Noxious

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

Attachment: smime.p7s
Description:

Previous By Date Next
Previous By Thread Next

Current thread: