Security Basics mailing list archives
FW: Web Application Testing
From: winsoc <winsoc () googlemail com>
Date: Thu, 10 May 2007 15:31:26 +0100
Come on now Mathijs,

Start to use your imagination; why don't you just build some VMWare servers and install the webserver/applications there and play with them until your concerns are cleared. You could build an exact copy of the webapp you require testing.

Regards
winsoc

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of M. Groen
Sent: 09 May 2007 07:43
To: Fabio Cerullo
Cc: Chris Barber; security-basics () securityfocus com
Subject: Re: Web Application Testing

Thanks for the clear explanation. One other question, does anyone happen to know if there are sites on which you can try "pen testing" products, like WebInspect, or Hailstorm? I mean a "playground" on which it is allowed to do pen-testing (and make mistakes)?

Mathijs
Thank you very much for the feedback. It is really much appreciated. I will go after Chris's suggestion (SpyDynamics) if budget allows it. Mesut, have you tried Acunetix Vulnerability Scanner?

Thanks again,
Fabio

On 5/8/07, Chris Barber <cmbarber () gmail com> wrote:

SpyDynamics has a package that does just what you described. I have used it in the past and it works great. In fact, I used it on a COTS package that my company was thinking about using and we found a huge flaw in the way it handled userids and passwords. We notified the publisher and they were non-believers until we demoed the flaw to them in person. They fixed the problem immediately, and we eventually did buy the package, after a retest with SpyDynamics' tool.

Chris.

On 5/8/07, Fabio Cerullo <fcerullo () gmail com> wrote:

Hello all, is there any guide/tool which could help someone to do a web application security assessment? I mean... an automated tool that you could fire against the app. and will give you a report or some kind of checklist to go through in order to reinforce security. I remember from old days to have used Webtrends but I don't know if there is something new in the market. Any help will be really appreciated.

Thank you very much.
Fabio