Re: [PEN-TEST] Web application testing tools

[Yonatan Bokovza <Yonatan () XPERT COM>]

Web Application hacking is almost uncharted territory as
far as vendor-security-products goes. If i remember correctly,
ISS has a module that handles this briefly. AppScan is very
neat and comprehensive, but nothing beats hand-made hack.
I commonly use ELZA. It's a scripting language based on
perl that can automate tasks and genuinely ease life
when it concerns talking HTTP. You can get ELZA here:
http://www.einet.bg/~philip/
Besides that, NetCat is your pal.

Best Regards,

Yonatan Bokovza
IT Security Consultant.
yonatan () xpert com
Xpert Trusted Systems
972-9-9522361
Shenkar 1, Herzlia Pituach
Israel.

> -----Original Message-----
> From: Tim J Smith [mailto:TSmith () COMTECH COM AU]
> Sent: Wednesday, October 11, 2000 1:08 AM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: Re: [PEN-TEST] Web application testing tools
>
>
> I've been down this path recently. The microsoft WAST tool
> does not support
> Java btw. Best one I found was the e-test tools from
> www.rswsoftware.com
>
> >  -----Original Message-----
> > From:       John Yang <jyang () BLACKBOARD COM>@COM TECH
> > Sent:       Wednesday, 11 October 2000 8:31 AM
> > To: PEN-TEST () SECURITYFOCUS COM
> > Subject:    Re: [PEN-TEST] Web application testing tools
> >
> >
> > The URL for this tool is below.  It's basically a stress tester.
> > http://webtool.rte.microsoft.com
> >
> >
> > John Yang
> > Blackboard Inc.
> > jyang () blackboard com
> > http://www.blackboard.com
> >
> >
> >
> > > -----Original Message-----
> > > From: Butters, Kevin [mailto:Kevin_Butters () NAI COM]
> > > Sent: Tuesday, October 10, 2000 6:10 PM
> > > To: PEN-TEST () SECURITYFOCUS COM
> > > Subject: Re: [PEN-TEST] Web application testing tools
> > >
> > >
> > > I used MS's Homer stress tool downloadable for free from
> > > Microsoft. You will
> > > have to do some searching Microsoft doesn't call it the Homer
> > > tool. Its
> > > called Homer after its developers. Microsoft calls it
> some kind of Web
> > > Application test tool or something.
> > >
> > > Kevin Butters
> > > Network Associates Inc.
> > >
> > >
> > > -----Original Message-----
> > > From: Loschiavo, Dave [mailto:DLoschiavo () FRCC CC CA US]
> > > Sent: Tuesday, October 10, 2000 2:53 PM
> > > To: PEN-TEST () SECURITYFOCUS COM
> > > Subject: Re: [PEN-TEST] Web application testing tools
> > >
> > >
> > > Sanctum (http://www.sanctuminc.com/) puts a product called
> > > AppScan that you
> > > might be interested in. I'm in the process of filling out the
> > > NDA so I can
> > > get a demo version. It ain't cheap, but if you need the
> > > ability it claims to
> > > offer (and it delivers on the claims) it should be a
> > > must-have product.
> > >
> > > -----Original Message-----
> > > From: Eaton, Dave
> > > To: PEN-TEST () SECURITYFOCUS COM
> > > Sent: 10/10/00 2:16 PM
> > > Subject: [PEN-TEST] Web application testing tools
> > >
> > > I have been asked to look for tools that can be used to
> test our web
> > > applications, both from a security and a performance
> standpoint.  I
> > > would
> > > appreciate any comments on existing tools, both
> commercially available
> > > and
> > > free-ware.  All suggestions and comments welcome.
> > > TIA...... dave
> > >
> > >
> > > Dave Eaton, Systems Associate
> > > e-Information Services
> > > Eastman Chemical Company
> > > deaton () eastman com  Phone: 423.229.3032
>
>
> ======================================================================
> This email message has been swept by MIMEsweeper.