WebApp Sec mailing list archives
Re: Guidlines for Testing Web Applications
From: "Dave Aitel" <dave () immunitysec com>
Date: Fri, 21 Mar 2003 07:44:18 -0500
Lately I just think it's funny when people include a bunch of commercial web application analysis tools, but leave out SPIKE Proxy, which is just as good, and completely free.

-dave

----- Original Message -----
From: "Ramirez, Manuel N (CORP, DDEMESIS)" <Manuel.Ramirez () ddemesis ge com>
To: "Lecia McCalla" <lmccalla () fsl org jm>; <webappsec () securityfocus com>
Sent: Thursday, March 20, 2003 3:38 PM
Subject: RE: Guidlines for Testing Web Applications

I'm sure some of these tools will be very useful for you. Just please don't use them against us =)

http://www.webhackingexposed.com/tools.html

The hacking web applications exposed book is a very good guide to define what you have to do with regards to security testing.

Best regards,
Manuel

-----Original Message-----
From: Lecia McCalla [mailto:lmccalla () fsl org jm]
Sent: Thu 20/03/2003 08:28 a.m.
To: webappsec () securityfocus com
CC:
Subject: Guidlines for Testing Web Applications

All,

I am a Business Analyst/Trainer at the company where I work. I am now required to assist in the testing of web applications with the focus on the security aspect. Whereas I have experience in testing, I have no experience in security as it relates to web applications. Can you help me?

When testing a web application with focus on security, what do I look for? Are there any written guidelines that I should follow? So far I have been researching SSL and SQL Injections. Any ideas?

NOTE: I am a fast learner. :-)