Penetration Testing mailing list archives
Re: Automatic web application security profiling
From: D Adusumalli <asndpp () gmail com>
Date: Sat, 5 Sep 2009 18:52:01 +0530
Open source web proxies BURP, WebScarab have spidering ability. - Durga On Thu, Jul 16, 2009 at 7:12 AM, John Beck<jbeck59 () hotmail com> wrote:
Hello List: I am about to start an application layer security assessment of a web application and I am searching for a quick method of identifying "most" of the inputs of a JSP/tomcat web application (remotely, without source code access). Are any of you using any free / open source / custom tools to accomplish this that you would be willing to share / recommend? Do you know of any usable solution to automatically create a site map that could be included in a paper report? Essentially I'd like to be able to use a free tool to spider the application and end up with a list of end points to test manually. Any help is greatly appreciated. Thanks, -Jeff _________________________________________________________________ Windows Live™: Keep your life in sync. http://windowslive.com/explore?ocid=TXT_TAGLM_WL_BR_life_in_synch_062009 ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Automatic web application security profiling D Adusumalli (Sep 08)
- Re: Automatic web application security profiling Volker Tanger (Sep 09)
- Message not available
- Re: Automatic web application security profiling Meenal Mukadam (Sep 14)
- Message not available
- Re: Automatic web application security profiling Anthony Cicalla (Sep 14)
- Re: Automatic web application security profiling Volker Tanger (Sep 09)