Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Web Application Tester
From: Darren Bounds <dbounds () intrusense com>
Date: Sat, 18 Sep 2004 14:51:53 -0400

SPI recently released a comprehensive web app pen testing toolkit. It includes the following:

• Cookie Cruncher - Analyzes strength of cookies to avoid session hijacking
•   Encoders/Decoders  -  Translate different encryption standards
•   HTTP Editor  -  Create and edit HTTP requests
•   Regex Tester  -  Test regular expressions
• SOAP Editor - Automatically generate Web services SOAP requests as well as manually edit • SPI Fuzzer - HTTP fuzzing or modification of input variables to identify buffer overflows • SPI Proxy - Stand-alone, self-contained proxy server that you can configure and run on your desktop to monitor traffic for debugging and penetration assessments; view every request and server response while browsing a site • SQL Injector - Automated SQL injection attacks against Web site to test susceptibility to exploits • WebBrute - Brute force tool to test strength of usernames and passwords used in login forms or authentication pages • WebDiscovery - Discovery tool to identify which Web servers and Web applications are behind which ports



Darren Bounds, CISSP

443D 628D 0AC7 CACF 6085
C0E0 B2FC 534B 3D9E 69AF

--
Intrusense - Securing Business As Usual


On Sep 14, 2004, at 6:49 PM, Andrew Bagrin wrote:

Does anyone know of an application tester similar to AppDetective
thats not as hard on the pocket book?
I need to pentest a web app and am looking for some tools

Thanks,

-- Andrew Bagrin
andrew () bagrin com

----------------------------------------------------------------------- -------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------- --------


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]