Re: Automatic web application security profiling

[D Adusumalli <asndpp () gmail com>]

Open source web proxies BURP, WebScarab have spidering ability.

- Durga

On Thu, Jul 16, 2009 at 7:12 AM, John Beck<jbeck59 () hotmail com> wrote:
> Hello List:
>
> I am about to start an application layer security assessment of a web application and I am searching for a quick 
> method of identifying "most" of the inputs of a JSP/tomcat web application (remotely, without source code access).
>
> Are any of you using any free / open source / custom tools to accomplish this that you would be willing to share / 
> recommend?  Do you know of any usable solution to automatically create a site map that could be included in a paper 
> report?
>
> Essentially I'd like to be able to use a free tool to spider the application and end up with a list of end points to 
> test manually.
>
> Any help is greatly appreciated.
>
> Thanks,
>
> -Jeff
>
> _________________________________________________________________
> Windows Live™: Keep your life in sync.
> http://windowslive.com/explore?ocid=TXT_TAGLM_WL_BR_life_in_synch_062009
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------