OpenVAS http://www.openvas.org/
Nikto http://cirt.net/Nikto2
Spend the $250 and get Burp Scanner for the win! The whole Burp Suite is pretty good actually. It includes many useful tools -- like Spidering and Intruding tools.
http://portswigger.net/suite/
Try Backtrack 4. It is a Live CD with a lot of tools, including Nikto, Metasploit, Beef and others. And most important, it is FREE.
And if you're really adventurous, try the OSCP training that goes with Backtrack. But be forewarned, it is not for the faint of heart. Especially if you attempt the test. It, by far, was the hardest hands-on test I've ever taken.
When I took a SANS web pentesting course, we used Burp and W3AF ( http://w3af.sourceforge.net/ ) quite a bit. Both tools are impressive.
In order to perform a thorough and accurate security analysis of any web application, you should combine automated scanning with manual testing and validation. Automated scanning will not, and cannot, catch all of the possible holes in a web application, and it does not check for attacks such as business usage manipulation.
The OWASP testing guide is a great place to start:
http://www.owasp.org/index.php/Category:OWASP_Testing_Project
Also, the OWASP code review guide is great for developers:
http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
You can download samurai web scanning framework. There are plenty of open source tools in this for web application testing. It is just like backtrack but for web application testing instead of network pen-testing tools.
http://www.cgisecurity.com/2008/09/samurai-web-tes.html
Friday, March 19, 2010
Monday, March 8, 2010
Malware Analysis of Zeus Trojan Reverse Engineering
http://traversecode.com/2010/03/08/from-pdfexploit-to-zeustrojan-subject-steals-bank-credentials/
Tools :
File Insight tool to view the contents inside the PDF :
http://www.security-database.com/toolswatch/FileInsight-v2-1-Analizyng-files.html
Malzilla tool : Malware hunting tool ---> http://malzilla.sourceforge.net/
OllyDbg: debugging tool
Thanks and regards,
Madhuri Nandi