
Thread: Testing Website Security

  1. #1

    Testing Website Security

    I am looking for tools to help test website security. I am starting a new QA/QC department for the company where I work. I haven't tested web security before and I need to have a test suite that will perform some hacking, security, load performance and functionality if possible. Please HELP!!!

  2. #2
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    You could have found this if you had searched the forums here but it is your first post so just start searching before posting.
    Nessus works wonders........
    www.nessus.org

  3. #3
    I am not just using Unix or Linux. I need tools that work for all OS's.

    I am also looking for web page/site testing tools.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    So you're saying you want us to provide you with every hacking tool known to man.....I don't think so.

  5. #5
    Banned
    Join Date
    Mar 2002
    Posts
    594
    Originally posted here by Tedob1
    So you're saying you want us to provide you with every hacking tool known to man.....I don't think so.
    I'm pretty sure that we don't need... our good friend www.google.com has already done that.

  6. #6
    Not every tool, just one really good one.

    Do you guys actually build internet sites and work with security or do you just surf?

    Maybe the knowledge level I'm looking for is beyond what a bunch of google searchers can handle.

  7. #7
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    Well, if it's tools you're after, have a look at a thread I posted a while ago.

    http://www.antionline.com/showthread...829#post615829

    However, you need more than tools to test the security of web applications; most vulnerabilities are found by the skill of the tester. I would suggest you have a very good read of www.owasp.org; there is a lot of very good info on that site.

    The best book I know for this topic has to be Hacking Exposed "Web Application", well worth the money.

    All I can say is the use of tools is not the best way forward for the testing of web applications. Hope this helps.

    SittingDuck
    I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"

  8. #8
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Originally posted here by DocP
    Not every tool, just one really good one.

    Do you guys actually build internet sites and work with security or do you just surf?

    Maybe the knowledge level I'm looking for is beyond what a bunch of google searchers can handle.

    Is that an insult? Pretty funny coming from someone asking us to do his homework for him.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  9. #9
    Senior Member
    Join Date
    Feb 2003
    Posts
    282
    >>Do you guys actually build internet sites and work with security or do you just surf?

    Well, I don't see any reason to answer that ridiculous question, anywho.

    I did a google search for "Testing Website Security" and the first result led me to this article:

    http://www.linuxworld.com/go.cgi?id=742217

    At the end of the article is a bunch of links to such tools for testing web site security. Which begs the question, did you search?

    Back to the original google search: along the right side is an advertisement for "Security Analysis Scan". I clicked on it and it was very fascinating. I also did a search for "security tools" and got some useful results.

    HTH

  10. #10
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    There are some basic tools for checking things out such as:

    Coast web master - link checker and slaps the server with load
    Black widow - indexes a site for offline viewing and can be helpful for looking for sensitive information on a website.

    There aren't many (if any) comprehensive pre-built tools for doing all of that testing on web applications. Your best bet will most likely be grabbing a test automation tool such as silk by segue, rsw e-test suite, rational visual test, etc...or using your favorite programming language and writing your own test automation libraries.

    You will also probably want to grab a copy of silk performer/winrunner/etc to do some nice load testing of your web apps.

    I tested e-commerce web apps for a few years so if you have any questions or need any suggestions give me a shout.

    For suggestions on methodology I highly recommend checking out the sec focus website since they have some great articles on auditing web application authentication and so on. www.sans.org has quite a few papers on web application security, auditing, and standards in their reading room and in the papers done by people seeking their certifications (many of these can be found in the cert specific area on www.giac.org). Finally, the owasp project is working on standards and tools for web app security.

    D'oh...almost forgot. Security Focus also has a web app sec mailing list that you would probably find helpful.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh