Penetration Testing mailing list archives

RE: Required Help on Automated Tools


From: "Bhalla, Nishchal" <Nish () SECURITYCOMPASS COM>
Date: Wed, 15 Oct 2008 13:46:02 -0500

We at Security Compass just released an updated version of some of our Exploit me plugins for Firefox (XSSMe, 
SQLInjectMe, AccessMe). They are all FF3 compatible and are available for download either through our site 
(http://securitycompass.com/exploitme.shtml ) or through the addons' site 
(https://addons.mozilla.org/en-US/firefox/search?q=&cat=1,12&show=20&page=10).

Let me know if you face any issues with these tools. They are pretty straightforward to use.

Nish.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Leverett, Eireann (GE 
Infra, Energy)
Sent: Wednesday, October 15, 2008 6:03 AM
To: pen-test () securityfocus com
Subject: RE: Required Help on Automated Tools

 
Noxious,

SQL-Injection and XSS can be tested with ServiceTest by HP/Mercury. You will
still need to write some aspects of the scripts yourself, but much of the
basic overhead is done for you, assuming your webservices have WSDLs defined
and you can get at them. 

Essentially, I would recommend this tool for source-code assisted/white box
testing. If you are looking for a black box testing tool (which I suspect
you are), use something else.

Éireann Leverett CSSA

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Vin Oxious
Sent: 14 October 2008 19:33
To: pen-test () securityfocus com
Subject: Required Help on Automated Tools

Hello Everyone,

Greetings!! Can you please list me some
tools that would allow automated testing of the below ... (while I have
already got a few tools .. just wanted to know if there are some good ones)
..

SQL Injection -

XSS -

Improper Session Management -

URL Access -

Direct Object Reference -


regards,
Noxious

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

