PaulDotCom mailing list archives
Steps taken During a Web App Pentest
From: paul at pauldotcom.com (Paul Asadoorian)
Date: Mon, 08 Jun 2009 16:37:15 -0400
Since you mentioned Nessus.... :)

There are several settings that can help Nessus provide better results with respect to scanning web servers and applications. See my OWASP presentation for more [1].

Also, we just released (like yesterday afternoon) some new functionality into Nessus with respect to web app scanning. So, let me know if you notice anything (false positives) or other strangeness. I will be following up with a blog post that will summarize some of the improvements, but specifically check out the new advanced option "HTTP Audit Settings".

Cheers,
Paul

[1] http://tenablesecurity.com/whitepapers/OWASP-05-2009-NessusWebAppTesting.pdf

infolookup at gmail.com wrote:
@ Irongeek it's "password" :), Paul thanks for your input. Going to look over the OWASP v3 testing guide to get a feel for some of the things mentioned. If I can convince my boss to purchase a pro feed of Nessus I will have follow-up questions!

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Adrian Crenshaw <irongeek at irongeek.com>
Date: Mon, 8 Jun 2009 11:57:05
To: PaulDotCom Security Weekly Mailing List<pauldotcom at mail.pauldotcom.com>
Subject: Re: [Pauldotcom] Steps taken During a Web App Pentest

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
--
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552