Re: Web Application Tester

[Mambo Dsouza <mamboz () gmail com>]

Correct me if i am wrong...

Up to my knowledge i think for testing web application there are a lot
of tools...which only conduct test up to a certain level..

But i think the best are the manual methods..like parameter
tampering..URL tampering..hidden fields..injecting code..or even
performing sql injection techniques..

for these you can actually use tools like websleuth and
TamperIE..which are of real help..

Please correct me if i am wrong..or if anyone else also has some inputs..

Cheers
Mambo


On Wed, 15 Sep 2004 17:02:12 +1200, Hayden Searle
<hayden.searle () safecom co nz> wrote:
> The only other one I know of is @Stake but I think that is rather
> expensive too. http://www.atstake.com/
>
> Hayden Searle
>
> -----Original Message-----
> From: Andrew Bagrin [mailto:abagrin () gmail com]
> Sent: Wednesday, 15 September 2004 10:50 a.m.
> To: pen-test () securityfocus com
> Subject: Web Application Tester
>
> Does anyone know of an application tester similar to AppDetective
> thats not as hard on the pocket book?
> I need to pentest a web app and am looking for some tools
>
> Thanks,
>
> --
> Andrew Bagrin
> andrew () bagrin com
>
> ------------------------------------------------------------------------
> ------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one
> interaction
> with one of our expert instructors. Check out our Advanced Hacking
> course,
> learn to write exploits and attack security infrastructure. Attend a
> course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ------------------------------------------------------------------------
> -------
>
> #####################################################################################
> Important: This electronic message and attachments (if any) are confidential
> and may be legally privileged. If you are not the intended recipient do not
> copy, disclose or use the contents in any way. Please let us know by return
> e-mail immediately and then destroy this message.
> #####################################################################################
>
>
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------