Re: Automatic web application security profiling

From: D Adusumalli <asndpp@xxxxxxxxx>
Date: Sat, 5 Sep 2009 18:52:01 +0530

Open source web proxies BURP, WebScarab have spidering ability.

- Durga

On Thu, Jul 16, 2009 at 7:12 AM, John Beck<jbeck59@xxxxxxxxxxx> wrote:

Hello List:

I am about to start an application layer security assessment of a web application and I am searching for a quick method of identifying "most" of the inputs of a JSP/tomcat web application (remotely, without source code access).

Are any of you using any free / open source / custom tools to accomplish this that you would be willing to share / recommend? Do you know of any usable solution to automatically create a site map that could be included in a paper report?

Essentially I'd like to be able to use a free tool to spider the application and end up with a list of end points to test manually.

Any help is greatly appreciated.

Thanks,

-Jeff

_________________________________________________________________
Windows Live™: Keep your life in sync.
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_BR_life_in_synch_062009
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Follow-Ups:
- Re: Automatic web application security profiling
  - From: Volker Tanger

Prev by Date: Re: Cell Phone Viruses
Next by Date: [Tools update] The Security-Database Watch Newsletter -- v20090905
Previous by thread: crack.pl v3
Next by thread: Re: Automatic web application security profiling
Index(es):
- Date
- Thread

Relevant Pages

RE: Which Commercial Web App Scanner?
... so assuming that leaves WebInspect and Acunetix ... actually do a proper penetration test. ... Information Assurance Certification Review Board ...
(Pen-Test)
Re: Pentest exams
... would be a dynamic duo of pen testing certs. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually ... do a proper penetration test. ...
(Pen-Test)
Fwd: Evaluating pentesters
... (Being a pen-tester). ... usually get a good feel of how they work and some of the methodologies ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
(Pen-Test)
Re: Pentesting lab
... Most pros that I have ever heard of/met/read use Metasploit. ... One subject is pen-testing and second subject is malware analysis. ... actually do a proper penetration test. ... Information Assurance Certification Review Board ...
(Pen-Test)
Re: Pentesting lab
... One subject is pen-testing and second subject is malware analysis. ... actually do a proper penetration test. ... Information Assurance Certification Review Board ...
(Pen-Test)