Re: Pointers to Free Web Vulnerability Scanners for Blackbox testing

From: Thiago Zaninotti (thiago@zaninotti.net)
Date: Thu Dec 13 2007 - 13:40:32 EST


Hi Rajiv,

You may also try out N-Stalker Free Edition (Free Web Vulnerability scanner):
http://www.nstalker.com/free-edition

Rgds,
Thiago

>
> On 12/11/07, Lee Lawson <leejlawson@gmail.com> wrote:
> > I would start by reading the OWASP (Open Web Application Security
> > Project) Top Ten web application vulnerabilities; it can be found
> > here:
> > http://www.owasp.org/index.php/Top_10_2007
> >
> > I have written some papers about the top ten which can be found here:
> > http://www.dns.co.uk/advisorycentre/whitepapers/
> >
> > This will give you a good grounding in the most common errors. Then
> > you can start finding them.
> >
> > Are you after open source black box web app scanners? Something you
> > need to understand is the difference between the server and the
> > application.
> >
> > Server:
> > Nikto
> > Wikto (which contains Nikto and runs on Windows)
> >
> > Application:
> > WebInspect (SPI Dynamics - now HP) - commercial - expensive but one of
> > the better scanners.
> > AppScan (Watchfire - Now IBM) - commercial - expensive but one of the
> > better scanners.
> >
> > As for open source tools, you will not go far wrong with WebScarab
> > (http://www.owasp.org/index.php/Category:OWASP_Project).
> >
> > later,
> >
> >
> > On 7 Dec 2007 03:22:07 -0000, <rajivvishwa@gmail.com> wrote:
> > > Hi Guys,
> > >
> > >
> > > I've been assigned to a project in which I'm asked to get a report on vulnerabilities present in a website hosted by my client. I'm new to blackbox testing on web applications. The duration of the project is 1.5 months. Can anyone comment on the following points?
> > >
> > > 1. What are the important things to remember while doing blackbox web app testing?
> > >
> > > 2. Can you suggest some of the best free tools that are available to perform the test?
> > >
> > > 3. Where do I find the recommendations in case the tools report various vulns in the site?
> > >
> > > 4. What is the traffic generated on the site due to the test?
> > >
> > >
> > > Any suggestions would be appreciated.
> > >
> > >
> > > Regards,
> > >
> > > Rajiv,
> > >
> > > Security Team
> > >
> > > ------------------------------------------------------------------------
> > > This list is sponsored by: Cenzic
> > >
> > > Need to secure your web apps NOW?
> > > Cenzic finds more, "real" vulnerabilities fast.
> > > Click to try it, buy it or download a solution FREE today!
> > >
> > > http://www.cenzic.com/downloads
> > > ------------------------------------------------------------------------
> > >
> > >
> >
> >
> >
> > --
> > Lee J Lawson
> > leejlawson@gmail.com
> >
> > "Give a man a fire, and he'll be warm for a day; set a man on fire,
> > and he'll be warm for the rest of his life."
> >
> > "Quidquid latine dictum sit, altum sonatur."
> >
> >
> >
>
>
>
> --
> Thiago Zaninotti, Security+, CISSP-ISSAP, CISM
> Info Security Professional

-- 
Thiago Zaninotti, Security+, CISSP-ISSAP, CISM
Info Security Professional
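Rajiv's fourth question (what traffic a black-box scan generates on the site) is best answered from the server side, so here is an added example that is not part of the thread or of any of the tools named in it: a small Python script that parses Apache "combined" access-log lines and reports, per client address, how many requests were made, how many bytes were served, the share of error responses, and the busiest one-second burst. The heavy run of 404s against well-known file paths is the footprint of the server-level checks Lee describes (Nikto-style probing), and the same statistics make such a run easy to spot in the logs. The log lines, the client addresses and the scanner User-Agent string are all constructed for this example; the User-Agent markers and the thresholds are assumptions you would tune for your own environment.

```python
import re
from collections import defaultdict

# Constructed Apache "combined" log lines for this example only. The
# scanner User-Agent is a stand-in modelled on Nikto's default format,
# not a string captured from a real scan.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Dec/2007:13:40:01 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
198.51.100.9 - - [13/Dec/2007:13:40:02 -0500] "GET /cgi-bin/test-cgi HTTP/1.1" 404 512 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000001)"
198.51.100.9 - - [13/Dec/2007:13:40:02 -0500] "GET /admin/ HTTP/1.1" 404 512 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000002)"
198.51.100.9 - - [13/Dec/2007:13:40:03 -0500] "GET /phpinfo.php HTTP/1.1" 404 512 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000003)"
198.51.100.9 - - [13/Dec/2007:13:40:03 -0500] "GET /search.php?q=nikto HTTP/1.1" 200 2048 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000004)"
203.0.113.7 - - [13/Dec/2007:13:40:05 -0500] "POST /login.php HTTP/1.1" 302 0 "http://example.test/" "Mozilla/5.0 (X11; Linux)"
"""

# Apache combined log format: host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed User-Agent fragments that identify well-known scanners when they
# are run with their default settings.
SCANNER_UA_MARKERS = ("nikto", "webinspect", "appscan")


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["status"] = int(d["status"])
        d["bytes"] = 0 if d["bytes"] == "-" else int(d["bytes"])
        # "13/Dec/2007:13:40:02" (timestamp without zone) keys a one-second bucket
        d["second"] = d["ts"].split()[0]
        entries.append(d)
    return entries


def scan_footprint(text, min_requests=3, error_ratio=0.5):
    """Per-client traffic summary; flags clients whose traffic looks like a scanner.

    A client is flagged when its User-Agent carries a scanner marker, or when it
    sent at least `min_requests` requests of which `error_ratio` or more drew
    4xx/5xx responses (the 404 storm of path probing). Thresholds are assumptions.
    """
    per_ip = defaultdict(lambda: {"requests": 0, "bytes": 0, "errors": 0,
                                  "per_second": defaultdict(int), "scanner_ua": False})
    for e in parse_log(text):
        s = per_ip[e["ip"]]
        s["requests"] += 1
        s["bytes"] += e["bytes"]
        if e["status"] >= 400:
            s["errors"] += 1
        s["per_second"][e["second"]] += 1
        if any(tag in e["ua"].lower() for tag in SCANNER_UA_MARKERS):
            s["scanner_ua"] = True

    report = {}
    for ip, s in per_ip.items():
        ratio = s["errors"] / s["requests"]
        flagged = s["scanner_ua"] or (s["requests"] >= min_requests and ratio >= error_ratio)
        report[ip] = {
            "requests": s["requests"],
            "bytes": s["bytes"],
            "errors": s["errors"],
            "error_ratio": ratio,
            "peak_rps": max(s["per_second"].values()),  # busiest single second
            "flagged": flagged,
        }
    return report


if __name__ == "__main__":
    for ip, stats in scan_footprint(SAMPLE_LOG).items():
        mark = "SCANNER" if stats["flagged"] else "normal "
        print(f"{mark} {ip:15} req={stats['requests']:3} bytes={stats['bytes']:6} "
              f"errors={stats['errors']:3} peak_rps={stats['peak_rps']} ")
```

Run against a real access log, the report gives the client a concrete answer to "what traffic did the test generate" (request and byte totals for the tester's address over the engagement window), and the error-ratio rule, with the marker list as a fallback, is a reasonable starting point for a log-review check that a scan ran only from the agreed address during the agreed window.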


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:15 EDT