Penetration Testing mailing list archives
Re: Pen testing web servers
From: "Micah Lee" <micahflee () gmail com>
Date: Fri, 19 Dec 2008 19:22:16 -0500
For web servers I like nikto. It scans a web server looking for known vulnerable software and default or bad configurations. It tends to give a lot of false positives though, so it's important to manually check each potential vulnerability.

For testing web applications, I like webscarab. It's an intercepting proxy, among other things, making it easy to modify any input that you give to web applications, whether it's in the headers, GETs, POSTs, or cookies.

On Fri, Dec 19, 2008 at 6:10 PM, Kevin P Biggs <kbiggs81 () gmail com> wrote:
> What does everyone consider the best pen tool for testing web servers? I have tried Nessus. What tool(s) do you recommend?

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------