Re: Appsec toolkits

[shawnmer <shawnmer () io com>]

Hi Craig,

Are you using any particular platform OS for the tools?  One thing that's 
caught my fancy recently are linux "live" CDs; in particular the Knoppix 
distibution based on Debian <http://www.knopper.net>.  The CD boots and 
runs in RAM and on a compressed loop filesystem.  Lots of apps like X, 
OpenOffice, along with security apps like nessus, hping, nmap, etc. are 
already on the CD...the kicker is the CD installs on a HD in about 10 
minutes.

Toss on a bunch of tools from packetstorm, owasp, etc. and you've got a 
nice portable, yet flexible, distro :)

Thanks,

-scm

:Craig_Sullivan () Waitrose co uk

> Well,
>
> I've now started assembling my own toolkit for application assessment.
>
> When I have finished compiling, evaluating and using the tools I select,
> I'll publish the full list.....
>
> What tools do you use for web app sec assessment and can you share your
> toolkit with the list?
>
>
> Regards,
>
> Craig.
>
>
> Categories:
> Scanners (incl CGI and general scanners)
> Scarfers (programs for making offline copies of sites)
> Proxy servers (for viewing and tracing HTTP, state management, adjusting
> parameters)
> Sniffers (packet decode applications)
> Platform specific (platform specific checks that I'm going to run)
> Misc (miscellaneous tools).
>
>
>
>
>
> *********************************************************************
>
> Notice:  This email is confidential and may contain
> copyright material of the John Lewis Partnership.
> If you are not the intended recipient, please
> notify us immediately and delete all copies of this
> message.  (Please note that it is your responsibility
> to scan this message for viruses).
>
>
> *********************************************************************
>
> John Lewis plc                 Registered in England 233462
> Registered office              171 Victoria Street London SW1E 5NN
>      
> Websites: http://www.johnlewis.com and http://www.waitrose.com