Penetration Testing mailing list archives

Re: Web Application Tester

From: Darren Bounds <dbounds () intrusense com>
Date: Sat, 18 Sep 2004 14:51:53 -0400

SPI recently released a comprehensive web app pen testing toolkit. Itincludes the following:

• Cookie Cruncher - Analyzes strength of cookies to avoid sessionhijacking

•   Encoders/Decoders  -  Translate different encryption standards
•   HTTP Editor  -  Create and edit HTTP requests
•   Regex Tester  -  Test regular expressions

• SOAP Editor - Automatically generate Web services SOAP requestsas well as manually edit• SPI Fuzzer - HTTP fuzzing or modification of input variables toidentify buffer overflows• SPI Proxy - Stand-alone, self-contained proxy server that you canconfigure and run on your desktop to monitor traffic for debugging andpenetration assessments; view every request and server response whilebrowsing a site• SQL Injector - Automated SQL injection attacks against Web siteto test susceptibility to exploits• WebBrute - Brute force tool to test strength of usernames andpasswords used in login forms or authentication pages• WebDiscovery - Discovery tool to identify which Web servers andWeb applications are behind which ports




Darren Bounds, CISSP

443D 628D 0AC7 CACF 6085
C0E0 B2FC 534B 3D9E 69AF

--
Intrusense - Securing Business As Usual


On Sep 14, 2004, at 6:49 PM, Andrew Bagrin wrote:

Does anyone know of an application tester similar to AppDetective
thats not as hard on the pocket book?
I need to pentest a web app and am looking for some tools

Thanks,
--Andrew Bagrin
andrew () bagrin com
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-oneinteractionwith one of our expert instructors. Check out our Advanced Hackingcourse,learn to write exploits and attack security infrastructure. Attend acourse
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------



------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

Current thread:

Web Application Tester Andrew Bagrin (Sep 14)
- Re: Web Application Tester A.R. (Sep 15)
- Re: Web Application Tester Anders Thulin (Sep 15)
  - Re: Web Application Tester cbc (Sep 16)
  - Re: Web Application Tester brennan stewart (Sep 16)
- Re: Web Application Tester Danux (Sep 15)
  - Re: Web Application Tester Mambo Dsouza (Sep 16)
  - Re: Web Application Tester GUsh-T (Sep 16)
- Re: Web Application Tester Darren Bounds (Sep 21)
- <Possible follow-ups>
- Re: Web Application Tester mkraisi (Sep 15)
- RE: Web Application Tester Hayden Searle (Sep 15)
  - Re: Web Application Tester Mambo Dsouza (Sep 16)
- RE: Web Application Tester John Floyd (Sep 16)
- RE: Web Application Tester chuan.delahosseraye (Sep 16)
  - RE: Web Application Tester A.R. (Sep 18)
- RE: Web Application Tester dseth (Sep 17)
- RE: Web Application Tester Bénoni MARTIN (Sep 17)
- RE: Web Application Tester Bowes, Ronald (EST) (Sep 18)
- RE: Web Application Tester Lachniet, Mark (Sep 21)

(Thread continues...)