|
|
(Page 1 of 3) 1 2 3 Next > Category: Authentication » Web w3af Added 2008-11-03 w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. IIS Secure Parameter Filter (SPF) Added 2008-08-22 SPF is an application security module designed for Microsoft IIS web servers. SPF uses cryptography to dynamically secure embedded application parameters at runtime (Query String Values, Form Inputs & Cookies). SPF does not require any changes to the underlying application code and provides instant protection against parameter tampering, URL manipulation and replay attacks. SPF also includes the capability to define forbidden input patterns (Black-Lists) using regular expressions to block known attack signatures. BeEF - Browser Exploitation Framework Added 2007-07-23 BeEF is the browser exploitation framework. A professional tool to demonstrate the real-time impact of XSS browser vulnerabilities. Development has focused on creating a modular structure making new module development a trivial process with the intelligence residing within BeEF. Current modules include the first public Inter-protocol Exploit, a traditional browser overflow exploit, port scanning, keylogging, clipboard theft and more. Keygloo Added 2006-04-28 This is a public key based authentication model that works by verifying whether the user is in posession of his private key. The user should have Keygloo installed in his system for authenticating himself into any Keygloo enabled web application. During login time, the user will be thrown a challenge password encrypted using his public key. The user can decrypt the password by clicking a 'Decrypt' button which appears in his toolbar after installing Keygloo. The decrypted password is submitted to the Keygloo enabled application by clicking a 'submit' button on the page. The Keygloo enabled applcation then authenticates the user into the system by comparing the decrypted password with the original challenge password. A demonstration of how the model works can be found at http://www.keygloo.com/Authentication/auth_kgnum.html. Keygloo is free to download and install from http://www.keygloo.com/Downloads.htm. BobCat Added 2006-02-04 BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named "Data Thief" that was published as PoC by appsecinc. BobCat can exploit SQL injection bugs/opportunities in web applications, independent of language, but dependent on MS SQL as the back end DB. Acunetix Web Vulnerability Scanner Added 2006-01-09 Audit your website security: Acunetix Web Vulnerability Scanner checks your web applications (shopping carts, forms, dynamic content, etc.) for vulnerabilities to SQL injection, Cross site scripting & other web attacks. Hackers are concentrating their efforts on websites: 75% of cyber attacks are launched on web applications! Scan your web site today and find vulnerabilities before hackers do! JProbe Added 2005-12-15 JProbe will check remotely for supported cipher suites on a webserver. It will also check for redirections in case a cipher is supported but the client is then directed to a "not valid cipher" page. JProbe also will export the results to an HTML page. (Additionally you can set cookies) Thor Added 2005-12-02 Thor is Internet Explorer driven tool for manual web application testing. Both security professionals and testers found it useful while testing web applications. You can control (intercept and change) what web forms submit to web servers, see the source code of the page and/or manipulate cookies. It supports frames and, if required, it is possible to use HttpWebRequest instead of IE navigation. Built for .NET Framework 2.0 and, as it uses IE COM control, it requires FullTrust. Sorry, no proper web page or manual yet, but give me a shout if you need more information... pak76 LiLith Added 2005-11-03 LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html <form> tags , which often refer to dynamic pages that might be subject to sql injection or other flaws. VForce Added 2005-05-10 V-Force is an instrument with whose help attacks on web server or applications can be simulated and the results logged and analyzed. Browse by category |
|
Privacy Statement |