[Esapi-user] Continuous Website/Web Services Testing?

Christian Frichot christian.frichot at owasp.org
Sun Jul 14 04:44:49 UTC 2013


Oh, have you investigated whitehat's sentinel ?
https://www.whitehatsec.com/sentinel_services/sentinel_services.html

Regards,

Christian


On Sun, Jul 14, 2013 at 12:39 PM, Jeffrey Walton <noloader at gmail.com> wrote:

> On Sun, Jul 14, 2013 at 12:26 AM, Christian Frichot
> <christian.frichot at owasp.org> wrote:
> > Hi Jeffrey,
> >
> > Depends on what sort of things you're looking to do
> Thanks John and Christian. I was hoping for something along the lines
> of AppScan or Fortify. In my mind, testing an application once a year
> or two is a big opportunity for improvement. So I'd like to have the
> test performed, suppressions and custom rules developed, and then
> continuously test the web app. Why wait to read about your data breach
> on PasteBin?
>
> > potential avenues you can investigate:
> >  - Sucuri.net - monitors for changes to DNS, SSL, blacklisting - plus,
> you
> > can set it up to email you diffs if content changes.
> >  - asafaweb.com - more ASP.NET focused, but, may do a little of what
> you're
> > after?
> >  - Spin up your own? Maybe investigate running something like
> > http://jenkins-ci.org/ somewhere, tie it together with something like
> w3af.
> >  - Hack up your own? If you know exactly what you're after, you may be
> able
> > to 'bash' some cli apps together with cron on a *nix box somewhere.
> Thanks. I'll look into these.
>
> Jeff
>
> > On Sun, Jul 14, 2013 at 9:43 AM, Jeffrey Walton <noloader at gmail.com>
> wrote:
> >>
> >> Hi All,
> >>
> >> Is anyone aware of a tool that performs nightly tests of web apps like
> >> a continuous integration tests a build?
> >>
> >> The idea is to get a baseline and then look for adverse changes as the
> >> dev team modifies functionality and adds pages.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20130714/03db2d50/attachment.html>


More information about the Esapi-user mailing list