Educause Security Discussion
mailing list archives
Re: Web App Scan tool
From: "St Clair, Jim" <Jim.StClair () GT COM>
Date: Fri, 21 Nov 2008 17:11:55 -0500
I highly suggest you check out the open source tools at OWASP.org - the Open Web Application Security Project. Not only
do they have tools for XSS, SQL injection, etc. but they have defined a nationally recognized vulnerability list - "the
OWASP top ten" - that may spur your interest into a broader evaluation.
James A. St.Clair, CISM, PMP
Global Public Sector
Grant Thornton LLP
E jim.stclair () gt com
The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest
quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of
Grant Thornton International Ltd, one of the six global audit, tax and advisory organizations. Grant Thornton
International Ltd and its member firms are not a worldwide partnership, as each member firm is a separate and distinct
In the U.S., visit Grant Thornton LLP at http://www.grantthornton.com/.
From: The EDUCAUSE Security Constituent Group Listserv on behalf of Mark Monroe
Sent: Fri 11/21/2008 5:10 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Web App Scan tool
I need to test some web apps. I am not fantastic at this. I am looking
for a tool to help and due to a total lack of funds right now I cannot
buy anything. I need to check for the usual things like x site scripting
and sql injection and one of the apps generates a token and passes it on
to another site and I need to make sure that can not be "messed" with too.
In accordance with applicable professional regulations, please understand that, unless expressly stated otherwise, any
written advice contained in, forwarded with, or attached to this e-mail is not intended or written by Grant Thornton
LLP to be used, and cannot be used, by any person for the purpose of avoiding any penalties that may be imposed under
the Internal Revenue Code.
This e-mail is intended solely for the person or entity to which it is addressed and may contain confidential and/or
privileged information. Any review, dissemination, copying, printing or other use of this e-mail by persons or entities
other than the addressee is prohibited. If you have received this e-mail in error, please contact the sender
immediately and delete the material from any computer.