Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Web App Scan tool
From: "St Clair, Jim" <Jim.StClair () GT COM>
Date: Fri, 21 Nov 2008 17:11:55 -0500

I highly suggest you check out the open source tools at OWASP.org - the Open Web Application Security Project. Not only 
do they have tools for XSS, SQL injection, etc. but they have defined a nationally recognized vulnerability list - "the 
OWASP top ten" - that may spur your interest into a broader evaluation.
James A. St.Clair, CISM, PMP
Senior Manager
Global Public Sector
Grant Thornton LLP
T  703-637-3078
F  703-637-4455
C  703-727-6332
E  jim.stclair () gt com

The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest 
quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of 
Grant Thornton International Ltd, one of the six global audit, tax and advisory organizations. Grant Thornton 
International Ltd and its member firms are not a worldwide partnership, as each member firm is a separate and distinct 
legal entity.
In the U.S., visit Grant Thornton LLP at http://www.grantthornton.com/.

From: The EDUCAUSE Security Constituent Group Listserv on behalf of Mark Monroe
Sent: Fri 11/21/2008 5:10 PM
Subject: Web App Scan tool

I need to test some web apps. I am not fantastic at this. I am looking
for a tool to help and due to a total lack of funds right now I cannot
buy anything. I need to check for the usual things like x site scripting
and sql injection and one of the apps generates a token and passes it on
to another site and I need to make sure that can not be "messed" with too.

any suggestions?

Mark Monroe

In accordance with applicable professional regulations, please understand that, unless expressly stated otherwise, any 
written advice contained in, forwarded with, or attached to this e-mail is not intended or written by Grant Thornton 
LLP to be used, and cannot be used, by any person for the purpose of avoiding any penalties that may be imposed under 
the Internal Revenue Code.
This e-mail is intended solely for the person or entity to which it is addressed and may contain confidential and/or 
privileged information. Any review, dissemination, copying, printing or other use of this e-mail by persons or entities 
other than the addressee is prohibited. If you have received this e-mail in error, please contact the sender 
immediately and delete the material from any computer.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]