-
Testing Website Security
I am looking for tools to help test website security. I am starting a new QA/QC department for the company where I work. I haven't tested web security before and I need to have a test suite that will perform some hacking, security, load performance and functionality if possible. Please HELP!!!
-
You could have found this if you had searched the forums here but it is your first post so just start searching before posting.
Nessus works wonders........
www.nessus.org
-
I am not just using Unix or Linux. I need tools that work for all OSes.
I am also looking for web page/site testing tools.
-
So you're saying you want us to provide you with every hacking tool known to man..... I don't think so.
-
Quote:
Originally posted here by Tedob1
So you're saying you want us to provide you with every hacking tool known to man..... I don't think so.
I'm pretty sure that we don't need... our good friend www.google.com has already done that. ;)
-
Not every tool, just one really good one.
Do you guys actually build internet sites and work with security, or do you just surf?
Maybe the knowledge level I'm looking for is beyond what a bunch of Google searchers can handle.
-
Well, if it's tools you're after, have a look at a thread I posted a while ago.
http://www.antionline.com/showthread...829#post615829
However, you need more than tools to test the security of web applications; most vulnerabilities are found by the skill of the tester. I would suggest you have a very good read of www.owasp.org. There is a lot of very good info on that site.
The best book I know for this topic has to be Hacking Exposed "Web Application", well worth the money.
All I can say is that the use of tools is not the best way forward for the testing of web applications. Hope this helps.
SittingDuck
-
Quote:
Originally posted here by DocP
Not every tool, just one really good one.
Do you guys actually build internet sites and work with security, or do you just surf?
Maybe the knowledge level I'm looking for is beyond what a bunch of Google searchers can handle.
Is that an insult? Pretty funny coming from someone asking us to do his homework for him. :thumbsup:
-
>>Do you guys actually build internet sites and work with security, or do you just surf?
Well, I don't see any reason to answer that ridiculous question, anywho.
I did a Google search for "Testing Website Security" and the first result led me to this article:
http://www.linuxworld.com/go.cgi?id=742217
At the end of the article is a bunch of links to such tools for testing web site security. Which begs the question, did you search?
Back to the original Google search: along the right side is an advertisement for "Security Analysis Scan". I clicked on it; very fascinating. I also did a search for "security tools" and got some useful results.
HTH
-
There are some basic tools for checking things out such as:
Coast web master - link checker and slaps the server with load
Black widow - indexes a site for offline viewing and can be helpful for looking for sensitive information on a website.
There aren't many (if any) comprehensive pre-built tools for doing all of that testing on web applications. Your best bet will most likely be grabbing a test automation tool such as silk by segue, rsw e-test suite, rational visual test, etc...or using your favorite programming language and writing your own test automation libraries.
You will also probably want to grab a copy of silk performer/winrunner/etc to do some nice load testing of your web apps.
I tested e-commerce web apps for a few years so if you have any questions or need any suggestions give me a shout.
For suggestions on methodology I highly recommend checking out the sec focus website since they have some great articles on auditing web application authentication and so on. www.sans.org has quite a few papers on web application security, auditing, and standards in their reading room and in the papers done by people seeking their certifications (many of these can be found in the cert specific area on www.giac.org). Finally, the OWASP project is working on standards and tools for web app security.
D'oh...almost forgot. Security Focus also has a web app sec mailing list that you would probably find helpful.