WebApp Sec mailing list archives
Re: Appsec toolkits
From: shawnmer <shawnmer () io com>
Date: Thu, 6 Mar 2003 12:25:43 -0600 (CST)
Hi Craig,

Are you using any particular platform OS for the tools?

One thing that's caught my fancy recently are Linux "live" CDs; in particular the Knoppix distribution based on Debian <http://www.knopper.net>. The CD boots and runs in RAM and on a compressed loop filesystem. Lots of apps like X, OpenOffice, along with security apps like nessus, hping, nmap, etc. are already on the CD...the kicker is the CD installs on a HD in about 10 minutes. Toss on a bunch of tools from packetstorm, owasp, etc. and you've got a nice portable, yet flexible, distro :)

Thanks,
-scm

:Craig_Sullivan () Waitrose co uk
Well, I've now started assembling my own toolkit for application assessment. When I have finished compiling, evaluating and using the tools I select, I'll publish the full list.....

What tools do you use for web app sec assessment and can you share your toolkit with the list?

Regards,
Craig.

Categories:

- Scanners (incl CGI and general scanners)
- Scarfers (programs for making offline copies of sites)
- Proxy servers (for viewing and tracing HTTP, state management, adjusting parameters)
- Sniffers (packet decode applications)
- Platform specific (platform specific checks that I'm going to run)
- Misc (miscellaneous tools).

Current thread:
- Appsec toolkits Craig_Sullivan (Mar 05)
- Re: Appsec toolkits shawnmer (Mar 06)
- <Possible follow-ups>
- RE: Appsec toolkits PPowenski (Mar 06)
- RE: Appsec toolkits Ramirez, Manuel N (CORP, DDEMESIS) (Mar 06)