From: Darren Bounds (dbounds@intrusense.com)
Date: Sat Sep 18 2004 - 14:51:53 EDT
SPI recently released a comprehensive web app pen testing toolkit. It
includes the following:
• Cookie Cruncher - Analyzes strength of cookies to avoid session
hijacking
• Encoders/Decoders - Translate different encryption standards
• HTTP Editor - Create and edit HTTP requests
• Regex Tester - Test regular expressions
• SOAP Editor - Automatically generate Web services SOAP requests
as well as manually edit
• SPI Fuzzer - HTTP fuzzing or modification of input variables to
identify buffer overflows
• SPI Proxy - Stand-alone, self-contained proxy server that you can
configure and run on your desktop to monitor traffic for debugging and
penetration assessments; view every request and server response while
browsing a site
• SQL Injector - Automated SQL injection attacks against Web site
to test susceptibility to exploits
• WebBrute - Brute force tool to test strength of usernames and
passwords used in login forms or authentication pages
• WebDiscovery - Discovery tool to identify which Web servers and
Web applications are behind which ports
Darren Bounds, CISSP
443D 628D 0AC7 CACF 6085
C0E0 B2FC 534B 3D9E 69AF
-- Intrusense - Securing Business As Usual

On Sep 14, 2004, at 6:49 PM, Andrew Bagrin wrote:

> Does anyone know of an application tester similar to AppDetective
> that's not as hard on the pocket book?
> I need to pentest a web app and am looking for some tools
>
> Thanks,
>
> --
> Andrew Bagrin
> andrew@bagrin.com
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:05 EDT