Security Basics mailing list archives
Re: Re[2]: Testing for SQL injection or Cross Site scripting
From: mojorising <moj0rising () aim com>
Date: Tue, 13 Oct 2009 13:50:00 -0700
Hi.

There are a few good tools out there for finding web application vulnerabilities and it's a good idea to run them against your sites before someone else does. I've used and had good experience with all these aside from Pantera and Proxmon but I understand they are also quality tools.

ratproxy - http://code.google.com/p/ratproxy/
Paros - http://www.parosproxy.org
Nikto - http://cirt.net/nikto2
Wapiti - http://sourceforge.net/projects/wapiti/
Proxmon - http://www.isecpartners.com/proxmon.html
Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project

Also useful for creating your own attacks.

Webscarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp - http://portswigger.net/proxy/

VB, thanks for the list you sent. I'm checking that out now.

If anyone knows of more web application vulnerability scanners, I'd definitely love to hear about them too. Finding such issues is part of my job (I work for a web development shop) and I'm always looking for more free/open source tools like this to ensure few/no such bugs slip through the cracks.

Mike

On 10/10/2009, Adam Pal <pal_adam () gmx net> wrote:
Hello Scott,

Try absinthe ( http://www.0x90.org/releases/absinthe/download.php ). There was once a tool called lilith but I don't know if it still exists.

--
Best regards,
Adam Pal

Wednesday, October 7, 2009, 1:57:36 AM, you wrote:

<==============Original message text===============
SR> Hey everyone,
SR> Does anyone know of any free SQL injection or XSS tools to scan a single
SR> website? I checked out Acunetix and a few other tools, but they are
SR> pretty expensive. Not that I don't want to support vendors who make
SR> good tools, but this project isn't going to make much $$, so free tools
SR> are our only option if we want to scan to see where we're at.
SR> Thanks in advance!
SR> Scott
<===========End of original message text===========