Penetration Testing mailing list archives
Re: [PEN-TEST] Web application testing tools
From: Yonatan Bokovza <Yonatan () XPERT COM>
Date: Wed, 11 Oct 2000 19:55:09 +0200
Web Application hacking is almost uncharted territory as far as vendor-security-products goes. If i remember correctly, ISS has a module that handles this briefly. AppScan is very neat and comprehensive, but nothing beats hand-made hack. I commonly use ELZA. It's a scripting language based on perl that can automate tasks and genuinely ease life when it concerns talking HTTP. You can get ELZA here: http://www.einet.bg/~philip/ Besides that, NetCat is your pal. Best Regards, Yonatan Bokovza IT Security Consultant. yonatan () xpert com Xpert Trusted Systems 972-9-9522361 Shenkar 1, Herzlia Pituach Israel.
-----Original Message----- From: Tim J Smith [mailto:TSmith () COMTECH COM AU] Sent: Wednesday, October 11, 2000 1:08 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Web application testing tools I've been down this path recently. The microsoft WAST tool does not support Java btw. Best one I found was the e-test tools from www.rswsoftware.com-----Original Message----- From: John Yang <jyang () BLACKBOARD COM>@COM TECH Sent: Wednesday, 11 October 2000 8:31 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Web application testing tools The URL for this tool is below. It's basically a stress tester. http://webtool.rte.microsoft.com John Yang Blackboard Inc. jyang () blackboard com http://www.blackboard.com-----Original Message----- From: Butters, Kevin [mailto:Kevin_Butters () NAI COM] Sent: Tuesday, October 10, 2000 6:10 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Web application testing tools I used MS's Homer stress tool downloadable for free from Microsoft. You will have to do some searching Microsoft doesn't call it the Homer tool. Its called Homer after its developers. Microsoft calls itsome kind of WebApplication test tool or something. Kevin Butters Network Associates Inc. -----Original Message----- From: Loschiavo, Dave [mailto:DLoschiavo () FRCC CC CA US] Sent: Tuesday, October 10, 2000 2:53 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Web application testing tools Sanctum (http://www.sanctuminc.com/) puts a product called AppScan that you might be interested in. I'm in the process of filling out the NDA so I can get a demo version. It ain't cheap, but if you need the ability it claims to offer (and it delivers on the claims) it should be a must-have product. -----Original Message----- From: Eaton, Dave To: PEN-TEST () SECURITYFOCUS COM Sent: 10/10/00 2:16 PM Subject: [PEN-TEST] Web application testing tools I have been asked to look for tools that can be used totest our webapplications, both from a security and a performancestandpoint. Iwould appreciate any comments on existing tools, bothcommercially availableand free-ware. All suggestions and comments welcome. TIA...... dave Dave Eaton, Systems Associate e-Information Services Eastman Chemical Company deaton () eastman com Phone: 423.229.3032====================================================================== This email message has been swept by MIMEsweeper.
Current thread:
- Re: [PEN-TEST] Web application testing tools, (continued)
- Re: [PEN-TEST] Web application testing tools Curphey, Mark (ISS Atlanta) (Oct 10)
- Re: [PEN-TEST] Web application testing tools Jan Muenther (Oct 11)
- Re: [PEN-TEST] Web application testing tools Chris Foster (Oct 11)
- Re: [PEN-TEST] Web application testing tools Jan Muenther (Oct 11)
- Re: [PEN-TEST] Web application testing tools Loschiavo, Dave (Oct 10)
- Re: [PEN-TEST] Web application testing tools Jensenne Roculan (Oct 10)
- Re: [PEN-TEST] Web application testing tools Butters, Kevin (Oct 10)
- Re: [PEN-TEST] Web application testing tools Quinn Kroll (Oct 10)
- Re: [PEN-TEST] Web application testing tools John Yang (Oct 10)
- Re: [PEN-TEST] Web application testing tools Tim J Smith (Oct 11)
- Re: [PEN-TEST] Web application testing tools Curphey, Mark (ISS Atlanta) (Oct 11)
- Re: [PEN-TEST] Web application testing tools Yonatan Bokovza (Oct 11)
- Re: [PEN-TEST] Web application testing tools Bennett Todd (Oct 11)
- [PEN-TEST] Web Application Testing Tools DigiZen Security Group (Oct 13)
- Re: [PEN-TEST] Web Application Testing Tools Eric Lauzon (Oct 13)
- Re: [PEN-TEST] Web Application Testing Tools DigiZen Security Group (Oct 16)
- [PEN-TEST] Forensic analisys and related training Erick Arturo Perez Huemer (Oct 16)
- Re: [PEN-TEST] Forensic analisys and related training anindya (Oct 16)
- Re: [PEN-TEST] Forensic analisys and related training Jensenne Roculan (Oct 16)
- Re: [PEN-TEST] Web Application Testing Tools DigiZen Security Group (Oct 16)
- Re: [PEN-TEST] Web application testing tools Curphey, Mark (ISS Atlanta) (Oct 10)
- Re: [PEN-TEST] Web application testing tools sixth sense (Oct 19)