WebApp Sec
mailing list archives
RE: OWASP Top 10 Demonstration CodeLooking for pen test open source tools
From: "Sebastien Deleersnyder" <sdl () ascure com>
Date: Mon, 10 Oct 2005 23:59:44 +0200
Hi,
The OWASP tool for this is WebScarab
http://www.owasp.org/software/webscarab.html
The learning curve is somewhat steeper, but once you get this up and
running you'll notice that a lot can be achieved with it.
A commercial tool that's not too expensive (about 250 Euro) is VForce
at http://solutions.virtualforge.net/sol_vforce_en.php
Remark that these tools allow you to manually test web app security.
There are no - or limited - automated tests incorporated.
Automated 'open-source' scan tools are e.g. nikto or nessus.
Regards,
Sebastien
-----Original Message-----
From: Stephen de Vries [mailto:stephen () corsaire com]
Sent: Monday 10 October 2005 11:57
To: mike03051 () yahoo com
Cc: webappsec () securityfocus com
Subject: Re: OWASP Top 10 Demonstration CodeLooking for pen test open
source tools
For a point and shoot (free) tool, Paros (www.parosproxy.org) is
probably your best bet. But even more effective than Paros on its own
is to read the OWASP guide to building secure web applications and then
apply that knowledge using Paros.
Stephen
On 9 Oct 2005, at 20:49, <mike03051 () yahoo com> wrote:
Hi All,
I am looking for an open source pen-test suite that can be used to
point at one of my web sites.
I know this is a touchy subject. There are commercial tools out there
that perform these functions, but for small businesses this is a roll
of the dice pricy as you may not know exactly how good these tools
are.
Any recommendations? Did I miss some tools on OWASP?
Thank you,
Mike