[Techtalk] Re: security testing
mlist at linux-house.net
Mon Apr 19 13:10:10 EST 2004
Maybe not for testing Java applets specifically, but nmap is good for testing
the host server... version 3.5 rocks...
>On Monday 19 April 2004 12:41, Raven Alder wrote:
> Heya --
>
> Quoth Becky L. Norum (Thu, Apr 15, 2004 at 04:57:17PM -0400):
> > I'm curious to hear what other people use to help with web app security
> > testing, especially Java apps. Things that can facilitate URL hacking,
> > form forging, etc. I've played with TCPMon a bit and am wondering about
> > (free or cheap) alternatives.
>
> I don't know much about Java apps, but I have found that for Web
> testing in general, these are useful:
>
> Nikto:
> http://www.cirt.net/code/nikto.shtml
> Version 2.0 is coming out Real Soon Now.
>
> Achilles:
> http://www.packetstormsecurity.org/web/ (digizen-security is down)
> If you're in Windows (or run it under WINE), it's quite useful for MITM
> and changing data as it passes through your inserted proxy.
>
> And, of course, Nessus and Ethereal. At the least, the
> auto-scanners will give you places to start monkeying with the input,
> etc.
>
> I keep meaning to code an automated site-crawler that checks for
> basic things like SQL injection and cross-site scripting
> vulnerabilities, but it's about item 10,000 on the to-do list.
>
> Cheers,
> Raven
>
> "manglement never notices when doing X kept them from having a
> disaster. they only notice disasters."
> -- Randy Bush, on patching and prevention
--
Regards,
MList
"Sharing The Power Of IT Through Linux"
Mandrake 9.2
Kernel 2.4.22-21
KDE 3.2
OpenOffice 1.1