WebApp Sec mailing list archives
RE: Your help gratefully received
From: "Michael Howard" <mikehow () microsoft com>
Date: Thu, 27 Feb 2003 12:01:09 -0800
look at the threats to the system - then choose your tools...

as for tools, i tend to use perl scripts i wrote :-)

________________________________

From: Craig_Sullivan () Waitrose co uk [mailto:Craig_Sullivan () Waitrose co uk]
Sent: Thu 2/27/2003 9:37 AM
To: webappsec () securityfocus com
Subject: Your help gratefully received

Hi,

I'm conducting a web app sec review for someone and would like some advice. I am assembling some tools that I need to use and also the areas that I am going to concentrate upon during my assessment.

The objective here is to see how well I can do against an automated appsec scanning product against a non-commercial test server in the lab.

The questions I have are:

What tools do you recommend (for general and specific use e.g. proxies, scanners, site dumping etc. etc.)

What areas should I concentrate on (e.g. state management, SSL, XSS, SQL injection etc.)

What webapp security resources do you use and can recommend

Thanks very much in advance,

Regards,

Craig.

*********************************************************************
Notice: This email is confidential and may contain copyright material of the John Lewis Partnership. If you are not the intended recipient, please notify us immediately and delete all copies of this message. (Please note that it is your responsibility to scan this message for viruses).
*********************************************************************
John Lewis plc
Registered in England 233462
Registered office 171 Victoria Street London SW1E 5NN
Websites: http://www.johnlewis.com and http://www.waitrose.com