Security Basics mailing list archives
RE: Re[2]: Testing for SQL injection or Cross Site scripting
From: "Stoughton, Brian F." <bstoughton () nejm org>
Date: Tue, 3 Nov 2009 15:13:03 -0500
Acunetix is pretty good...

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mojorising
Sent: Tuesday, October 13, 2009 4:50 PM
To: Adam Pal
Cc: Scott Race; security-basics () securityfocus com
Subject: Re: Re[2]: Testing for SQL injection or Cross Site scripting

Hi.

There are a few good tools out there for finding web application vulnerabilities and it's a good idea to run them against your sites before someone else does. I've used and had good experience with all these aside from Pantera and Proxmon but I understand they are also quality tools.

ratproxy - http://code.google.com/p/ratproxy/
Paros - http://www.parosproxy.org
Nikto - http://cirt.net/nikto2
Wapiti - http://sourceforge.net/projects/wapiti/
Proxmon - http://www.isecpartners.com/proxmon.html
Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project

Also useful for creating your own attacks.

Webscarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp - http://portswigger.net/proxy/

VB, thanks for the list you sent. I'm checking that out now. If anyone knows of more web application vulnerability scanners, I'd definitely love to hear about them too. Finding such issues is part of my job (I work for a web development shop) and I'm always looking for more free/open source tools like this to ensure few/no such bugs slip through the cracks.

Mike

On 10/10/2009, Adam Pal <pal_adam () gmx net> wrote:

Hello Scott,

Try absinthe ( http://www.0x90.org/releases/absinthe/download.php ). There was once a tool called lilith but I don't know if it still exists.

--
Best regards, Adam Pal

Wednesday, October 7, 2009, 1:57:36 AM, you wrote:

<==============Original message text===============
SR> Hey everyone,
SR> Does anyone know of any free SQL injection or XSS tools to scan a single
SR> website? I checked out Acunetix and a few other tools, but they are
SR> pretty expensive. Not that I don't want to support vendors who make
SR> good tools, but this project isn't going to make much $$, so free tools
SR> are our only option if we want to scan to see where we're at.
SR> Thanks in advance!
SR> Scott
<===========End of original message text===========
Current thread:
- RE: Re[2]: Testing for SQL injection or Cross Site scripting Stoughton, Brian F. (Nov 04)
- <Possible follow-ups>
- Re: Testing for SQL injection or Cross Site scripting Dale Stirling (Nov 09)