RE: Web Application Testers.
From: Ockens Thomas (Thomas.Ockens@med.siemens.de)
Date: 09/25/01
- Previous message: Dawes, Rogan (ZA - Johannesburg): "RE: FW: RE Modem identification"
- Maybe in reply to: Dom De Vitto: "Web Application Testers."
- Next in thread: Yonatan Bokovza: "RE: Web Application Testers."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <D013EEC9CCE6D411BA7D00805FBE486801304877@shs01.shs-online.de>
From: Ockens Thomas <Thomas.Ockens@med.siemens.de>
To: Dom De Vitto <Dom@DeVitto.com>, pen-test@securityfocus.com
Subject: RE: Web Application Testers.
Date: Tue, 25 Sep 2001 14:49:09 +0200
(note - I've taken vuln-dev out of the CC-list, as this seems just the
tiniest bit more suitable for pen-testers)
> FYI, AppScan breaks/subverts web applications - there are
> plenty of tools
> to break web servers (apache/IIS), but it looks like appscan
> is on its own
> on the test-the-bespoke-web-app front.
I'm not a hundred percent sure if hailstorm has been considered, but have a
look, or take an evaluation copy for a test drive at
http://www.clicktosecure.com/products/index.html
Also, HSC's babelweb can possibly be used for subverting web applications - the
least it does is a good deal of enumeration:
(from the web site)
"Babelweb is a program which allows one to automate tests on an HTTP
server. It is able to follow the links and the HTTP redirects but it is
programmed to remain on the original server.
The main goal of babelweb is to obtain information about a remote web
server and to sort this information. It is thus possible to draw up the
list of the accessible pages, the cgi scripts met, the various files found
like .zip, .pdf..."
Get it from here: http://www.hsc.fr/ressources/outils/babelweb/
As additional ideas, you may want to look into tools such as RFProxy[1],
Achilles[2] or subweb[3] when breaking web apps; I found Achilles invaluable
when needing on-the-fly substitution of authentication cookies for a web
board, which in a fashion was a bit like breaking it.
As 'web apps' seems to be pretty huge a field, breaking them might involve
low-level stuff such as a spoofed IP, referrer or some such, or SQL
injection, overly long input in forms, exploitation of site-design specific
bugs (is the interface plain html w/ cgi? is it PHP? is the PHP possibly
derived from a known buggy app?), so I estimate there's currently no tool
remotely capable of emulating the brains of an experienced human web app
breaker (for lack of a better word).
good luck
thomas
---
[1] (not released yet? - not sure - see http://www.wiretrip.net/rfp)
[2] http://www.digizen-security.com/projects.html
[3] http://www.hsc.fr/ressources/outils/subweb/index.html.en
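The babelweb behaviour quoted in the message (follow links and HTTP redirects, but never leave the original server, then sort what was found into pages, cgi scripts and files) as an added Python example; this is not babelweb's own code, and the host names, page contents and the in-memory SITE table standing in for an HTTP client are constructed for the example.

```python
import re
from collections import deque
from urllib.parse import urljoin, urlparse

# Constructed stand-in for a web server: url -> (status, Location header or HTML body)
SITE = {
    "http://target.example/": (200, '<a href="/cgi-bin/search.cgi">s</a>'
                               '<a href="/docs/manual.pdf">m</a><a href="/old">o</a>'
                               '<a href="http://other.example/x">ext</a>'),
    "http://target.example/cgi-bin/search.cgi": (200, '<a href="../archive.zip">z</a>'),
    "http://target.example/docs/manual.pdf": (200, ""),
    "http://target.example/old": (302, "/new"),                        # on-site redirect
    "http://target.example/new": (302, "http://other.example/moved"),  # off-site redirect
    "http://target.example/archive.zip": (200, ""),
}

def classify(url):
    """Sort a URL the way babelweb's listing does: cgi script, file, or plain page."""
    path = urlparse(url).path.lower()
    if "/cgi-bin/" in path or path.endswith(".cgi"):
        return "cgi"
    return "files" if path.endswith((".zip", ".pdf")) else "pages"

def enumerate_server(start):
    """Crawl from start, following links and redirects but never leaving its host."""
    origin = urlparse(start).netloc
    found = {"pages": [], "cgi": [], "files": [], "refused": []}
    seen, queue = {start}, deque([start])
    while queue:
        url = queue.popleft()
        status, payload = SITE.get(url, (404, ""))  # a real client would GET here
        if status >= 400:
            continue
        found[classify(url)].append(url)
        # a redirect yields its one Location target; a page yields every href on it
        targets = [payload] if status in (301, 302, 303, 307) else re.findall(r'href="([^"]*)"', payload)
        for absolute in (urljoin(url, t) for t in targets):
            if urlparse(absolute).netloc != origin:
                found["refused"].append(absolute)  # babelweb rule: stay on the original server
            elif absolute not in seen:
                seen.add(absolute)
                queue.append(absolute)
    return found

if __name__ == "__main__":
    for kind, urls in enumerate_server("http://target.example/").items():
        print(kind, urls)
```

The same scoping check is applied to redirect targets and to page links, so a redirect chain cannot pull the crawl onto another host.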