Re: Guidlines for Testing Web Applications

["Dave Aitel" <dave () immunitysec com>]

Lately I just think it's funny when people include a bunch of commercial web
application analysis tools, but leave out SPIKE Proxy, which is just as
good, and completely free.

-dave

----- Original Message -----
From: "Ramirez, Manuel N (CORP, DDEMESIS)" <Manuel.Ramirez () ddemesis ge com>
To: "Lecia McCalla" <lmccalla () fsl org jm>; <webappsec () securityfocus com>
Sent: Thursday, March 20, 2003 3:38 PM
Subject: RE: Guidlines for Testing Web Applications


> I'm sure some of these tools will be very useful for you. Just please
don't use them against us =)
> http://www.webhackingexposed.com/tools.html
>
> The hacking web applications exposed book is a very good guide to define
what you have to do with regards to security testing.
> Best regards,
> Manuel
>
> -----Mensaje original-----
> De: Lecia McCalla [mailto:lmccalla () fsl org jm]
> Enviado el: Jue 20/03/2003 08:28 a.m.
> Para: webappsec () securityfocus com
> CC:
> Asunto: Guidlines for Testing Web Applications
>
>
>
> All,
>
> I am a Business Analyst/Trainer at the company where I work.  I am now
> required to assist in the testing of web applications with the focus on
> the security aspect. Where as I have experience in testing, I have no
> experience in security as it relates to web applications.  Can you help
> me?  When testing a web application with focus on security what do I
> look for?  Are there any written guidelines that I should follow?  So
> far I have been researching SSL and SQL Injections.  Any ideas?
>
> NOTE:
> I am a fast learner. :-)