Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Web Application Tester

from [Anders Thulin] Network Security [Permanent Link]
Subject: Re: Web Application Tester
Date: Wed, 15 Sep 2004 09:09:56 +0200 
Andrew Bagrin wrote:

Does anyone know of an application tester similar to AppDetective
thats not as hard on the pocket book?
I need to pentest a web app and am looking for some tools


  Haven't tried AppDetective for Web Applications myself, so I'm
not sure of just what capabilities you're looking for. Nothing
magic I hope. Take a look at:

  * Nikto (http://www.cirt.net/code/nikto.shtml)
    Freeware
    Useful for single-shot exercies, less useful for mass deployment.
    Looks mainly at the server and the server set-up, not the web-site
    itself.

  * Xenu's Link Sleuth (http://home.snafu.de/tilman/xenulink.html)
    Freeware
    Intended for finding broken links, but also helps enumerate all
    reachable pages on a site, given a starting point (and in some
    cases an account/password).

  * wget (http://www.gnu.org/software/wget/wget.html)
    Freeware -- typically part of free Unixes, including Cygwin
    Useful for getting a 'copy' of the web site: search for keywords,
    comments, etc.

  A SSL-proxy is sometimes useful, as is some kind of brute-force
login tool (THC-Hydra is well known - http://thc.org/)

  And, in general, the book Scambray & Shema: 'Hacking Exposed:
Web Applications' is one of the best places to start preparing for
this kind of exercise.

--
Anders Thulin   anders.thulin@tietoenator.com   040-661 50 63   
TietoEnator Telecom & Media AB, Box 85, SE-201 20 Malmö


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Strange response from network, Shashank Rai
Next by Date:  Re: Web Application Tester, Danux
Previous by Thread:  Re: Web Application Tester, A.R.
Next by Thread:  Re: Web Application Tester, cbc
Indexes:  [Date] [Thread] [Top] [All Lists]