WebApp Sec mailing list archives
Re: testing web app security
From: Steve Suehring <csec-nospam () braingia org>
Date: Fri, 19 Mar 2004 19:58:00 -0600
You might try Nessus and Nikto as a starting point for tools. www.securityfocus.com has a list of tools as well as helpful articles.

http://www.securityfocus.com/tools?platid=-1&cat=77&offset=20

Insecure.org has a similar list:

http://www.insecure.org/tools.html

SANS is good too. Otherwise check the archives from this list for other ideas.

Steve

On Fri, Mar 19, 2004 at 02:33:52PM -0500, Michael Cunningham wrote:
Folks,

I am going to have to take on the task of testing software applications my company produces as they roll through the QA/UAT process for security concerns (can't hire anyone and software to automate the testing seems to be very expensive). They are mainly web based applications with a database backend and some custom Java and C programs.

I am aware of how SQL injection, buffer overflows, cross-site scripting, and other security programming problems work, but I don't have a whole lot of experience applying this knowledge to application testing.

Are there any training courses or documents/books you can suggest that would help me learn the skills I need to make this happen?

Does anyone have a site that lists tools (open source preferred) that I could use to help me test these applications?

Thanks for any help you can offer,
Mike