Penetration Testing
OWASP Top 10 penetration testing software? Feb 28 2012 07:35PM
webcat (matthew mckinzie lewin com) (7 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 09:40PM
Nathalie Vaiser (nvaiser gmail com)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:50PM
David Mirza (dma subgraph com)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:44PM
psiinon (psiinon gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? Mar 05 2012 11:00AM
Zaki Akhmad (zakiakhmad gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? Mar 05 2012 11:17AM
psiinon (psiinon gmail com) (1 replies)
RE: OWASP Top 10 penetration testing software? Mar 05 2012 05:46PM
Adam Behnke (adam infosecinstitute com)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:33PM
Tim Gonzales (tim gonzales gmail com)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:15PM
martin mngoma gmail com (1 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:44PM
Robert Wood (robertwood50 gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:53PM
martin mngoma gmail com
I agree with you Robert

I also use different tools (manual + automated) and proxy hand in hand which always result to a close enough complete vulnerability scan.

Just bare in mind that never completely rely on scanners, as you still need that human factor to cross check and reference the findings.

Thanks

Martin

Sent from my BlackBerry® wireless device

-----Original Message-----

From: Robert Wood <robertwood50 (at) gmail (dot) com [email concealed]>

Date: Tue, 28 Feb 2012 15:44:09

To: <martin.mngoma (at) gmail (dot) com [email concealed]>

Cc: webcat<matthew.mckinzie (at) lewin (dot) com [email concealed]>; <listbounce (at) securityfocus (dot) com [email concealed]>; <pen-test (at) securityfocus (dot) com [email concealed]>

Subject: Re: OWASP Top 10 penetration testing software?

Hi, while the Owasp Top 10 is a good starting point for application

security testing, it is just that, a starting point. This list should

not be considered all inclusive and I encourage you to look for tools

with much more capabilities. Learning about the techniques involved in

web application testing and a simple proxy can often yield much more

in depth results.

That being said, these scanners are a good initial way to identify the

"easy to find" vulnerabilities that exist in your target application.

But don't stop there.

On Tue, Feb 28, 2012 at 3:15 PM, <martin.mngoma (at) gmail (dot) com [email concealed]> wrote:

> Hi

>

> I am not sure about the "inexpensive" part as I don't know your budget but  the top 10 threats can be tested using Acunetix - vulnerability scanner - that's what I use.

>

> There is only one short fall with this tool it doesn't support silverlight applications otherwise its very powerfull specially when you use it with the add on called Acusensor which eliminates false positives.

>

> Please let me know if there is anything else or tools I may help you with.

>

> Thanks

> Martin

>

>

> Sent from my BlackBerry® wireless device

>

> -----Original Message-----

> From: webcat <matthew.mckinzie (at) lewin (dot) com [email concealed]>

> Sender: listbounce (at) securityfocus (dot) com [email concealed]

> Date: Tue, 28 Feb 2012 11:35:59

> To: <pen-test (at) securityfocus (dot) com [email concealed]>

> Subject: OWASP Top 10 penetration testing software?

>

>

> Hi, for one of my websites, I have been required to use a web application

> scanner that tests against the OWASP Top Ten threats. I'm looking for a

> scanner that does this that is inexpensive or free.

>

> Possible scanners I've found for this include the OWASP Zed Attach Proxy

> Project, Sonar, and w3af, but none of these explicitly tests against the

> OWASP Top Ten threats (at least not that I can tell).

>

> Does anyone know of a scanner that does test against the OWASP Top Ten

> threats? Thank you!

> --

> View this message in context: http://old.nabble.com/OWASP-Top-10-penetration-testing-software--tp33409
197p33409197.html

> Sent from the Penetration Testing mailing list archive at Nabble.com.

>

>

> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board

>

> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

>

> http://www.iacertification.org

> ------------------------------------------------------------------------

>

--

Robert Wood

Application Security Consultant

Cigital, Inc.

315-396-5029 (M)

Software Confidence, Achieved.

[ reply ]
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:09PM
Michele Orru (antisnatchor gmail com)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:07PM
M. Hani Benhailes (kroosec gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:32PM
webcat (matthew mckinzie lewin com)


 

Privacy Statement
Copyright 2010, SecurityFocus