Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Application Security
From: "Meenal Mukadam" <meenal.mukadam () gmail com>
Date: Wed, 9 Jul 2008 09:37:13 +0530

Hello Frederick,

To start with you could get mozilla addons. The advantage of having
these addons is that they make your life easy. (atleast they made my
life easy :)  )

You can download addons like hackbar, access me, sql inject me, xss
me, webdeveloper, greasymonkey, foxyproxy, tamper data, fire bug,
quick proxy, IP Geo-location, whois, show ip, stealther, WASP, Xpath
checker, etc. These are a few good addons that'll give you the needed
information on the fly.

Then there are many tools that are already mentioned by Philippe
Rivest. I would like to add to that list. For port scanning angry ip
scanner, super scanner, etc. Wikto which has both google hacks &
Nikto's database. Accunetix & Watchfire for WebApp security. For
generating a wordlist for brute forcing Brutus is an excellent tool.
Webscarab is my personal favorite when I'm doing a Penetration test.
Gamja, obiWAN, BiDiBLAH, sitedigger, metaspoilt, viewstate decoder,
blackwidow & ntoinsight are few other tools that'll help ya.

BackTrack3 has been released. Even that could be of great help to you.
Wish you all the best....

Cheers!

Meenal A. Mukadam





-----Message d'origine-----
De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la
part de GT GERONIMO, Frederick Joseph B.
Envoyé : 7 juillet 2008 05:12
À : pen-test () securityfocus com
Objet : Application Security

Hello,

I have been reading up on Application Security and Software Security
Testing. I am interested tools you use in detecting any security bugs in
business applications, may it be a web application, a C+ GUI, or what
have you.

Any opinion would be greatly appreciated. Thanks


Fred

This e-mail message (including attachments, if any) is intended for the use
of the individual or the entity to whom it is addressed and may contain
information that is privileged, proprietary, confidential and exempt from
disclosure. If you are not the intended recipient, you are notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please notify
the sender and delete this E-mail message immediately.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------




--
Meenal A. Mukadam

-------------------------------------------------------------
Far away there in the sunshine
are my highest aspirations.
I may/maynot reach them,
but I can look up and see their beauty,
believe in them and try to follow
where they lead
-------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]