Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: WebService pentest tool on
From: wing.hon.loke () sg pwc com
Date: Mon, 23 Jun 2003 17:52:50 +0800


Dear all,

Anyone knows whether there are any practical restriction on the use of  Web
application  open sources tools such as  nikto, nessus,whisker, Achilles,
WebProxy, Exodus, SPIKE, etc in testing a Japanese or Chinese Web servers?
For example, would
the system paths for the files be different and probably not in english. In
that case, how would a tool detect
for example the presence of vulnerability scripts?

Do you need a Japanese/Chinese version of WebInspect and AppScan to test
out a web application?

Regards,
Wing Hon




                                                                                                                        
               
                      "Kevin Spett"                                                                                     
               
                      <kspett () spidynami        To:       "raymond" <ip_raymond () yahoo com>, <pen-test () 
securityfocus com>                
                      cs.com>                  cc:                                                                      
               
                                               Subject:  Re: WebService pentest tool                                    
               
                      01/05/2003 10:56                                                                                  
               
                      PM                                                                                                
               
                                                                                                                        
               
                                                                                                                        
               




The latest version of WebInspect (http://www.spidynamics.com/product.html)
includes the ability to audit web services.  It can be used for both
automated scanning and manual request manipulation.


Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: "raymond" <ip_raymond () yahoo com>
To: <pen-test () securityfocus com>
Sent: Wednesday, April 30, 2003 2:56 AM
Subject: WebService pentest tool


Hi,

I am on the way to complete to build a WebService
using SunWebService Package.  Do anyone hv the
experience and tools to pentest the WebService ?

Many thanks, Raymond.


__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com


--------------------------------------------------------------------------
-
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test

--------------------------------------------------------------------------
--




---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------





_________________________________________________________________
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.


---------------------------------------------------------------------------
Latest attack techniques.

You're a pen tester, but is google.com still your R&D team? Now you can get 
trustworthy commercial-grade exploits and the latest techniques from a 
world-class research group.

Visit us at: www.coresecurity.com/promos/sf_ept1 
or call 617-399-6980
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Re: WebService pentest tool on wing . hon . loke (Jun 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault