Re: Vuln Scanner for Web App Source Code

Thanks everybody for the prompt responses. I will give some of the tools a try and see how it goes from there.
On May 19, 2008, at 3:01 PM, Dan Denton wrote:

I'd highly recommend Paros Proxy for this task. We've used it with success
in locating pages vulnerable to XSS and SQLI. The product acts as a proxy
server, and also has a spider program built in. Once you've accessed the
pages you want to access, you can use the spider to crawl the rest of the
site, then run Paros's report program to analyze the results.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx ] On
Behalf Of Paul J. Brickett
Sent: Monday, May 19, 2008 9:10 AM
To: cnanne@xxxxxxxxx
Cc: security-basics@xxxxxxxxxxxxxxxxx;
security-basics-return-49117@xxxxxxxxxxxxxxxxx
Subject: Re: Vuln Scanner for Web App Source Code

Acunetix Web Vulnerability Scanner will somewhat do this - it will
attempt to manipulate various variables it detects in the pages
you're scanning, then point
out which variables in your source are susceptible to unsanitized input,
cross site scripting, etc.

That said, if you have the time, doing this manually is the superior
method. :)

-PJB

On Sun, 18 May 2008, cnanne@xxxxxxxxx wrote:

This might be a bit of a dumb question, but does anyone know of a good
Vulnerability Scanner for finding faults in the actual Source Code of the
Web App? Or can this task only be done by hand?

Any feedback on this is highly appreciated.


cheers,

PhoenixRbrth