Home page logo
/

basics logo Security Basics mailing list archives

RE: Re[2]: Testing for SQL injection or Cross Site scripting
From: "Stoughton, Brian F." <bstoughton () nejm org>
Date: Tue, 3 Nov 2009 15:13:03 -0500

Acunetix is pretty good...

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mojorising
Sent: Tuesday, October 13, 2009 4:50 PM
To: Adam Pal
Cc: Scott Race; security-basics () securityfocus com
Subject: Re: Re[2]: Testing for SQL injection or Cross Site scripting

Hi.

There are a few good tools out there for finding web application
vulnerabilites and it's a good idea run them against your sites before
someone else does. I've used and had good experience with all these
aside from Pantera and Proxmon but I understand they are also quality
tools.

ratproxy - http://code.google.com/p/ratproxy/
Paros - http://www.parosproxy.org
Nikto - http://cirt.net/nikto2
Wapiti - http://sourceforge.net/projects/wapiti/
Proxmon - http://www.isecpartners.com/proxmon.html
Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project


Also useful for creating your own attacks.
Webscarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp - http://portswigger.net/proxy/


VB, thanks for the list you sent. I'm checking that out now.


If anyone knows of more web application vulnerabilty scanners, I'd
definitely love to hear about them too. Finding such issues is part of
my job (I work for a web development shop) and I'm always looking for
more free/open source tools like this to ensure few/no such bugs slip
through the cracks.


Mike



On 10/10/2009, Adam Pal <pal_adam () gmx net> wrote:
Hello Scott,

Try absinthe ( http://www.0x90.org/releases/absinthe/download.php ).
There was once a tool called lilith but i dont know if still exists.



--
Best regards,
 Adam Pal

Wednesday, October 7, 2009, 1:57:36 AM, you wrote:

<==============Original message text===============
SR> Hey everyone,
SR> Does anyone know of any free SQL injection or XSS tools to scan a
single
SR> website?  I checked out Acunetix and a few other tools, but they are
SR> pretty expensive.  Not that I don't want to support vendors who make
SR> good tools, but this project isn't going to make much $$, so free tools
SR> are our only option if we want to scan to see where we're at.

SR> Thanks in advance!



SR> Scott

SR>
------------------------------------------------------------------------
SR> Securing Apache Web Server with thawte Digital Certificate
SR> In this guide we examine the importance of Apache-SSL and who
SR> needs an SSL certificate.  We look at how SSL works, how it
SR> benefits your company and how your customers can tell if a site is
SR> secure. You will find out how to test, purchase, install and use a
SR> thawte Digital Certificate on your Apache web server. Throughout,
SR> best practices for set-up are highlighted to help you ensure
SR> efficient ongoing management of your encryption keys and digital
certificates.

SR>
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
SR>
------------------------------------------------------------------------

<===========End of original message text===========



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


This email message is a private communication.  The information transmitted, including attachments, is intended only 
for the person or entity to which it is addressed and may contain confidential, privileged, and/or proprietary 
material.  Any review, duplication, retransmission, distribution, or other use of, or taking of any action in reliance 
upon, this information by persons or entities other than the intended recipient is unauthorized by the sender and is 
prohibited.  If you have received this message in error, please contact the sender immediately by return email and 
delete the original message from all computer systems.  Thank you.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]