WebApp Sec mailing list archives

RE: Check security


From: "Christopher Canova" <canovac () earthlink net>
Date: Sat, 6 Nov 2004 10:50:08 -0800


You should probably make it into a real project if this is for your company.
First, formulate your objectives/mission. Establish your legal and business
requirements. Research and validate your options, formulate a methodology,
implement the methodology, then measure the results. Plan to follow up at
selected intervals.

Your plan of attack is to: Learn web app security, gather some tools, then
pen-test your own system. 

You may want to check out SecFocus' article:
http://www.securityfocus.com/infocus/1809 Also, try WebGoat:
http://www.owasp.org/software/webgoat.html This project is a teaching
environment for Web Application Security. Once you are familiar with the
ins and outs of web sec, you can use those skills to independently test your
system. Next, familiarize yourself with the top 20 security vulnerabilities:
http://www.sans.org/top20/
 
Then check out http://www.insecure.org/tools.html for the Top 75 Security
Tools. Try WebScarab http://www.owasp.org/software/webscarab.html and
finally http://www.owasp.org/documentation/testing.html OWASP's Testing
Project. 

Design your company's methodology, implement it, and follow up.

Or hire someone to do all this for you!

--
Christopher Canova, Student
canovac () earthlink net
http://home.earthlink.net/~canovac


-----Original Message-----
From: Gare [mailto:gare () wanadoo es] 
Sent: Thursday, November 04, 2004 2:05 PM
To: webappsec () securityfocus com
Subject: Check security

I want to know if there is any software to test the security of a web app, some
app that can throw attacks at my web application as if it were a hacker.
I know, and use, rats to scan the code of my php scripts, but I would like
to find some software that can perform a test in running conditions, before I put
my app on my production server.

Any idea?
