Re: Web Application Tester
From: Darren Bounds (dbounds_at_intrusense.com)
Date: 09/18/04
Date: Sat, 18 Sep 2004 14:51:53 -0400
To: pen-test@securityfocus.com
SPI recently released a comprehensive web app pen testing toolkit. It
includes the following:
• Cookie Cruncher - Analyzes strength of cookies to avoid session
hijacking
• Encoders/Decoders - Translate different encryption standards
• HTTP Editor - Create and edit HTTP requests
• Regex Tester - Test regular expressions
• SOAP Editor - Automatically generate Web services SOAP requests
as well as manually edit
• SPI Fuzzer - HTTP fuzzing or modification of input variables to
identify buffer overflows
• SPI Proxy - Stand-alone, self-contained proxy server that you can
configure and run on your desktop to monitor traffic for debugging and
penetration assessments; view every request and server response while
browsing a site
• SQL Injector - Automated SQL injection attacks against Web site
to test susceptibility to exploits
• WebBrute - Brute force tool to test strength of usernames and
passwords used in login forms or authentication pages
• WebDiscovery - Discovery tool to identify which Web servers and
Web applications are behind which ports
Darren Bounds, CISSP
443D 628D 0AC7 CACF 6085
C0E0 B2FC 534B 3D9E 69AF
-- Intrusense - Securing Business As Usual

On Sep 14, 2004, at 6:49 PM, Andrew Bagrin wrote:
> Does anyone know of an application tester similar to AppDetective
> that's not as hard on the pocket book?
> I need to pentest a web app and am looking for some tools
>
> Thanks,
>
> --
> Andrew Bagrin
> andrew@bagrin.com