WebApp Sec mailing list archives
Re: [WEB SECURITY] Web Application Scanners Comparison
From: anantasec <anantasec () googlemail com>
Date: Thu, 29 Jan 2009 21:18:40 +0200
Hello Ory, Sure, I'm sorry for not including this information in the initial report. I've used three machines: 1. Unix machine for testing PHP applications Operating system: FreeBSD 6.4-RELEASE Web Server: Apache/2.2.3 (FreeBSD) DAV/2 PHP/5.2.8 mod_ssl/2.2.3 OpenSSL/0.9.7e-p1 relevant .htaccess settings: (placed in the root directory. some applications may rewrite these settings). php_value magic_quotes_gpc Off php_value register_globals On php_value allow_url_fopen On php_value allow_url_include On 2. Windows machine for testing Java applications Operating system: Windows XP Service Pack 2 Web Server: Apache Tomcat 6.0.18 Java Virtual Machine: jre1.6.0_07 3. Windows machine used for testing ASP.NET applications Operating system: Windows XP Service Pack 2 Web Server: Microsoft-IIS/5.1 ASP.NET versions: 1.1.4322 2.0.50727 On 1/29/09, Ory Segal <SEGALORY () il ibm com> wrote:
Hello, Could you be kind enough and share with us the environment on which you have installed the web applications? operating system, version, service packs, web server type and version, etc.? Thank you, -Ory Segal
-- http://anantasec.blogspot.com ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- Re: [WEB SECURITY] Web Application Scanners Comparison anantasec (Feb 01)