|
Penetration Testing
mailing list archives
Automatic web application security profiling
From: John Beck <jbeck59 () hotmail com>
Date: Wed, 15 Jul 2009 21:42:08 -0400
Hello List:
I am about to start an application layer security assessment of a web application and I am searching for a quick method
of identifying "most" of the inputs of a JSP/tomcat web application (remotely, without source code access).
Are any of you using any free / open source / custom tools to accomplish this that you would be willing to share /
recommend? Do you know of any usable solution to automatically create a site map that could be included in a paper
report?
Essentially I'd like to be able to use a free tool to spider the application and end up with a list of end points to
test manually.
Any help is greatly appreciated.
Thanks,
-Jeff
_________________________________________________________________
Windows Liveā¢: Keep your life in sync.
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_BR_life_in_synch_062009
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- Automatic web application security profiling John Beck (Jul 17)
|
Intro
