Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: OWASP Top 10 penetration testing software?

From: "Adam Behnke" <adam () infosecinstitute com>
Date: Mon, 5 Mar 2012 11:46:05 -0600
You may want to check out this, it is a summary of each of the OWASP Top 10,
as well as a open source tool you can use to test for it:

http://resources.infosecinstitute.com/owasp-top-10-tools-and-tactics/



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of psiinon
Sent: Monday, March 05, 2012 5:17 AM
To: Zaki Akhmad
Cc: pen-test () securityfocus com
Subject: Re: OWASP Top 10 penetration testing software?

Hi Zaki,

I this case I was refering to automated scanners, which wont detect
everything :)

Yes, penetration testing can find things like insecure cryptographic
storage.
However to be sure you really need to have access to the servers (esp
databases) and the source code.

Cheers,

Simon




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: