-
June 30th, 2003, 10:29 PM
#1
Testing Website Security
I am looking for tools to help test website security. I am starting a new QA/QC department for the company where I work. I haven't tested web security before and I need to have a test suite that will perform some hacking, security, load performance and functionality if possible. Please HELP!!!
-
June 30th, 2003, 10:32 PM
#2
You could have found this if you had searched the forums here but it is your first post so just start searching before posting.
Nessus works wonders........
www.nessus.org
-
June 30th, 2003, 10:35 PM
#3
I am not just using Unix or Linux. I need tools that work for all OSes.
I am also looking for web page/site testing tools.
-
June 30th, 2003, 11:18 PM
#4
So you're saying you want us to provide you with every hacking tool known to man... I don't think so.
-
June 30th, 2003, 11:28 PM
#5
Originally posted here by Tedob1
So you're saying you want us to provide you with every hacking tool known to man... I don't think so.
I'm pretty sure that we don't need... our good friend www.google.com has already done that.
-
June 30th, 2003, 11:37 PM
#6
Not every tool, just one really good one.
Do you guys actually build internet sites and work with security or do you just surf?
Maybe the knowledge level I'm looking for is beyond what a bunch of google searchers can handle.
-
June 30th, 2003, 11:56 PM
#7
Well, if it's tools you're after, have a look at a thread I posted a while ago.
http://www.antionline.com/showthread...829#post615829
However, you need more than tools to test the security of web applications; most vulnerabilities are found by the skill of the tester. I would suggest you have a very good read of www.owasp.org. There is a lot of very good info on that site.
The best book I know for this topic has to be Hacking Exposed "Web Application", well worth the money.
All I can say is the use of tools is not the best way forward for the testing of web applications. Hope this helps.
SittingDuck
I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"
-
June 30th, 2003, 11:59 PM
#8
Originally posted here by DocP
Not every tool, just one really good one.
Do you guys actually build internet sites and work with security or do you just surf?
Maybe the knowledge level I'm looking for is beyond what a bunch of google searchers can handle.
Is that an insult? Pretty funny coming from someone asking us to do his homework for him.
-
July 1st, 2003, 12:06 AM
#9
>>Do you guys actually build internet sites and work with security or do you just surf?
Well, I don't see any reason to answer that ridiculous question, anywho.
I did a Google search for "Testing Website Security" and the first result led me to this article:
http://www.linuxworld.com/go.cgi?id=742217
At the end of the article is a bunch of links to such tools for testing web site security. Which begs the question, did you search?
Back to the original Google search, along the right side, is an advertisement for "Security Analysis Scan". I clicked on it and it, very fascinating. I also did a search for "security tools" and got some useful results.
HTH
-
July 1st, 2003, 12:12 AM
#10
There are some basic tools for checking things out such as:
Coast web master - link checker and slaps the server with load
Black widow - indexes a site for offline viewing and can be helpful for looking for sensitive information on a website.
There aren't many (if any) comprehensive pre-built tools for doing all of that testing on web applications. Your best bet will most likely be grabbing a test automation tool such as silk by segue, rsw e-test suite, rational visual test, etc...or using your favorite programming language and writing your own test automation libraries.
You will also probably want to grab a copy of silk performer/winrunner/etc to do some nice load testing of your web apps.
I tested e-commerce web apps for a few years so if you have any questions or need any suggestions give me a shout.
For suggestions on methodology I highly recommend checking out the sec focus website since they have some great articles on auditing web application authentication and so on. www.sans.org has quite a few papers on web application security, auditing, and standards in their reading room and in the papers done by people seeking their certifications (many of these can be found in the cert specific area on www.giac.org). Finally, the OWASP project is working on standards and tools for web app security.
D'oh...almost forgot. Security Focus also has a web app sec mailing list that you would probably find helpful.