Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Pointers to Free Web Vulnerability Scanners for Blackbox testing

from [Lee Lawson] Network Security [Permanent Link]
Subject: Re: Pointers to Free Web Vulnerability Scanners for Blackbox testing
Date: Tue, 11 Dec 2007 08:43:52 +0000 
I would start by reading the OWASP (Open Web Application Security
Project) Top Ten web application vulnerabilities, it can be found
here:
http://www.owasp.org/index.php/Top_10_2007

I have written some papers about the top ten which can be found here:
http://www.dns.co.uk/advisorycentre/whitepapers/

This will give you a good grounding in the most common errors.  Then
you can start finding them.

Are you after open source black box web app scanners?  Something you
need to understand is the difference between the server and the
application.

Server:
Nikto
Wikto (which contains Nikto and runs on Windows)

Application:
WebInspect (SPI Dynamics - now HP) - commercial - expensive but one of
the better scanners.
AppScan (Watchfire - Now IBM) - commercial - expensive but one of the
better scanners.

As for open source tools, you will not go far wrong with WebScarab
(http://www.owasp.org/index.php/Category:OWASP_Project).

later,


On 7 Dec 2007 03:22:07 -0000, <rajivvishwa@gmail.com> wrote:

Hi Guys,


I've been assigned to a project in which i'm asked to get a report on 
vulnerabilities present in a website hosted by my client. I'm new to blackbox 
testing on web applications. The duration of the project is 1.5 months. Can 
anyone comment on the following points

1. What are the important things to remember while doing blackbox web app 
testing?

2. Suggest some best free tools which are available to perform the test?

3. Where do i find the recommendation in case the tools reports various vulns 
in the site?

4. What is the traffic generated on the site due to the test?


Any suggestions would be appreciated.


Regards,

Rajiv,

Security Team

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------






-- 
Lee J Lawson
leejlawson@gmail.com

"Give a man a fire, and he'll be warm for a day; set a man on fire,
and he'll be warm for the rest of his life."

"Quidquid latine dictum sit, altum sonatur."

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Cain & Able man in the middle attack, James Bensley
Next by Date:  Cpanel Vulnerability?, Francisco Pecorella
Previous by Thread:  Re: Pointers to Free Web Vulnerability Scanners for Blackbox testing, Serg B
Next by Thread:  Re: Pointers to Free Web Vulnerability Scanners for Blackbox testing, Thiago Zaninotti
Indexes:  [Date] [Thread] [Top] [All Lists]