testing tools availability/comparison

  1. #1
    Member
    Join Date
    Aug 2004
    Posts
    36

    testing tools availability/comparison

    hi,

    Is there any open-source tool to test web application security for known vulnerabilities?

    How do they compare to tools like AppScan QA?

    Any information is highly appreciated and I am sure it will shed some light.

    Thanks,
    Rich.

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    You could have a look at Paros (can't remember the URL, I'm sure Google will know). It's fairly good and no worse than AppScan.
    Quis custodiet ipsos custodes

  3. #3
    Member
    Join Date
    Aug 2004
    Posts
    36
    Thanks

    1. Is there any article/post anywhere that lists different web application security testing products and compares them?

    2. What are the "n" things that a human consultant should do in testing a website's security besides using a vulnerability scanning tool?

  4. #4
    Member
    Join Date
    Dec 2004
    Posts
    37

    SiteDigger

    For website security, SiteDigger from Foundstone can assess how vulnerable your website is!

    It utilizes Google to fulfil its functions; for this purpose you have to get your own Google API key.

    Enjoy the party!!!

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Kautilya, I know InfoWorld had some reviews of network vulnerability assessment tools a while back; not sure if there is anything out there on app-specific tools.

    SiteDigger is primarily concerned with finding out what info is available about your site via Google.

    As to things that you need to do for an assessment, there are many methodologies out there, as well as lots of books, and lots of opinions. PM me if you can't find anything and I'll mail you some stuff.
    Quis custodiet ipsos custodes

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Well, you could pay the big bucks for eEye's Retina scanner or try Nessus, which is open source and included with Helix, a live CD.

  7. #7
    Member
    Join Date
    Dec 2004
    Posts
    37
    SiteDigger is primarily concerned with finding out what info is available about your site via Google.
    I don't think so. SiteDigger is used to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites.

    You can Click Here to find some more information about it.

  8. #8
    Member
    Join Date
    Aug 2004
    Posts
    36
    1. Is there any article/post anywhere that lists different web application security testing products and compares them?

    2. What are the "n" things that a human consultant should do in testing a website's security besides using a vulnerability scanning tool?

  9. #9
    Member
    Join Date
    Aug 2004
    Posts
    36
    "web application security testing products"

  10. #10
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Opeth, it does that by using Google (hence the use of the Google APIs) to search for weaknesses in your site that can be accessed by Google (i.e. Google hacks). At least that's what it seems to do when I run it. The options it has are Google search strings.

    Whereas Paros, AppScan, WebInspect, etc. look for things like cross-site scripting, SQL injection, etc.
    Quis custodiet ipsos custodes
