Penetration Testing mailing list archives

Re: Application Security


From: "Meenal Mukadam" <meenal.mukadam () gmail com>
Date: Wed, 9 Jul 2008 09:37:13 +0530

Hello Frederick,

To start with, you could get Mozilla addons. The advantage of having
these addons is that they make your life easy. (At least they made my
life easy :)  )

You can download addons like hackbar, access me, sql inject me, xss
me, webdeveloper, greasemonkey, foxyproxy, tamper data, firebug,
quick proxy, IP Geo-location, whois, show ip, stealther, WASP, Xpath
checker, etc. These are a few good addons that'll give you the needed
information on the fly.

Then there are many tools that are already mentioned by Philippe
Rivest. I would like to add to that list. For port scanning, angry ip
scanner, super scanner, etc. Wikto, which has both google hacks &
Nikto's database. Acunetix & Watchfire for WebApp security. For
generating a wordlist for brute forcing, Brutus is an excellent tool.
Webscarab is my personal favorite when I'm doing a Penetration test.
Gamja, obiWAN, BiDiBLAH, sitedigger, metasploit, viewstate decoder,
blackwidow & ntoinsight are a few other tools that'll help ya.

BackTrack3 has been released. Even that could be of great help to you.
Wish you all the best....

Cheers!

Meenal A. Mukadam





-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
behalf of GT GERONIMO, Frederick Joseph B.
Sent: 7 July 2008 05:12
To: pen-test () securityfocus com
Subject: Application Security

Hello,

I have been reading up on Application Security and Software Security
Testing. I am interested in the tools you use in detecting any security bugs in
business applications, may it be a web application, a C+ GUI, or what
have you.

Any opinion would be greatly appreciated. Thanks


Fred


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------






--
Meenal A. Mukadam

-------------------------------------------------------------
Far away there in the sunshine
are my highest aspirations.
I may/may not reach them,
but I can look up and see their beauty,
believe in them and try to follow
where they lead
-------------------------------------------------------------
