Re: Vuln Scanner for Web App Source Code
- From: Christian Nanne <cnanne@xxxxxxxxx>
- Date: Mon, 19 May 2008 15:08:46 -0700
Thanks everybody for the prompt responses I will give it a try to some of the tools and see how it goes from there.
On May 19, 2008, at 3:01 PM, Dan Denton wrote:
I'd highly recommend Paros Proxy for this task. We've used it with success
in locating pages vulnerable to XSS and SQLI. The product acts as a proxy
server, and also has a spider program built in. Once you've accessed the
pages you want to access, you can use the spider to crawl the rest of the
site, then run Paros's report program to analyze the results.
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx ] On
Behalf Of Paul J. Brickett
Sent: Monday, May 19, 2008 9:10 AM
Subject: Re: Vuln Scanner for Web App Source Code
Acunetix Web Vulnerability Scanner will somewhat do this- it will
attempt to manipulate various variables it detects in the pages
you're scanning, then point
out which variables in your souce are susceptible to unsanitized input,
cross site scripting, ect.
That said, if you have the time doing this manually is the superior
On Sun, 18 May 2008, cnanne@xxxxxxxxx wrote:
This might be a bit of a dumb question, but does anyone know of a goodVulnerability Scanner for finding faults in the actual Source Code of the
Web App? Or can this task can only be done by hand?
Any feedback on this is highly appreciative
- Prev by Date: MS SQL Cluster Hardening procedure
- Next by Date: RE: Masters in Information Security/Assurance
- Previous by thread: RE: Vuln Scanner for Web App Source Code
- Next by thread: Re: Vuln Scanner for Web App Source Code