Educause Security Discussion mailing list archives
Re: Web App Scan tool
From: "St Clair, Jim" <Jim.StClair () GT COM>
Date: Fri, 21 Nov 2008 17:11:55 -0500
Mark,

I highly suggest you check out the open source tools at OWASP.org - the Open Web Application Security Project. Not only do they have tools for XSS, SQL injection, etc. but they have defined a nationally recognized vulnerability list - "the OWASP top ten" - that may spur your interest into a broader evaluation.

James A. St.Clair, CISM, PMP
Senior Manager
Global Public Sector
Grant Thornton LLP
T 703-637-3078
F 703-637-4455
C 703-727-6332
E jim.stclair () gt com

________________________________
From: The EDUCAUSE Security Constituent Group Listserv on behalf of Mark Monroe
Sent: Fri 11/21/2008 5:10 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Web App Scan tool

I need to test some web apps. I am not fantastic at this. I am looking for a tool to help and due to a total lack of funds right now I cannot buy anything. I need to check for the usual things like x site scripting and SQL injection and one of the apps generates a token and passes it on to another site and I need to make sure that can not be "messed" with too. Any suggestions?

Mark Monroe
UMSL