Penetration Testing mailing list archives
Re: Pointers to Free Web Vulnerability Scanners for Blackbox testing
From: "Serg B" <sergeslists () gmail com>
Date: Tue, 11 Dec 2007 16:38:19 +1100
1. What are the important things to remember while doing blackbox web app testing?
You need to define a scope (perhaps one has been defined for you already) and stay within scope. If there is something interesting slightly outside of it, make a quick note (in case you want to come back to it) and move on.
2. Suggest some best free tools which are available to perform the test?
WASP security guide, Paros proxy, Charles proxy (not free), Burp proxy, Notepad++, a scripting language of your choice. Depends on what you are doing...
3. Where do I find the recommendation in case the tools report various vulns in the site?
Google? Or ask the guy who has assigned you to the project.
4. What is the traffic generated on the site due to the test?
As much as you generate with those best free tools of yours.
From the above questions (and please don't take it the wrong way) but perhaps you are not the best person for the task?
Serg

On 7 Dec 2007 03:22:07 -0000, <rajivvishwa () gmail com> wrote:
Hi Guys,
I've been assigned to a project in which I'm asked to get a report on vulnerabilities present in a website hosted by my client. I'm new to blackbox testing on web applications. The duration of the project is 1.5 months. Can anyone comment on the following points:
1. What are the important things to remember while doing blackbox web app testing?
2. Suggest some best free tools which are available to perform the test?
3. Where do I find the recommendation in case the tools report various vulns in the site?
4. What is the traffic generated on the site due to the test?
Any suggestions would be appreciated.
Regards,
Rajiv, Security Team
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads
------------------------------------------------------------------------