[OWASP-BLR] FW: Application Security

jatinder pal singh jatin_libra at hotmail.com
Fri Aug 11 03:23:17 EDT 2006


Hi Krishna,

There are of course tools available for automated SQL and XSS testing, but 
then my experience with these tools has been far from satisfactory.
Anyway, you can contact me at jatin.libra at gmail.com if you want links to these 
tools, but I would suggest you hire one of the professional Pen-Testers 
out here to get your apps tested manually.
There are no shortcuts to Pen-Testing.
Cheers
Jatinder

>From: m3c <mcensamuel at yahoo.com>
>Reply-To: "OWASP, Bangalore Chapter" 
><owasp-bangalore at lists.sourceforge.net>
>To: "OWASP, Bangalore Chapter" <owasp-bangalore at lists.sourceforge.net>
>Subject: Re: [OWASP-BLR] FW: Application Security
>Date: Wed, 9 Aug 2006 01:02:41 -0700 (PDT)
>
>Is XSS so difficult to test or what? You can find
>a lot of tools on the Internet, and regarding SQL
>injection, better to do code review...
>
>If you like to use some tool to find SQL injection,
>then it finds only very, very easy SQL injection stuff
>!!
>
>application/your filtering/DB/place of bug
>everything matters.
>
>I don't think anybody does that in India !! ;-)
>
>
>--- Harinath Pudipeddi
><harinath.pudipeddi at softrel.org> wrote:
>
> > All,
> >
> > Krishna Prasad is looking for some information and
> > it would be good if any
> > of you can share any information you have.
> >
> > Regards,
> > Hari
> >
> > Harinath Pudipeddi | SoFTReL |+91.80.4153 2626 Res |
> > +91.98860 01976  Mob |
> > <http://www.SofTReL.org> www.SofTReL.org
> >
> >   _____
> >
> > From: mailman-bounces at lists.owasp.org
> > [mailto:mailman-bounces at lists.owasp.org] On Behalf
> > Of Krishna Prasad K S
> > Sent: Tuesday, August 01, 2006 5:19 PM
> > To: owasp-bangalore-owner at lists.owasp.org
> > Subject: Application Security
> >
> > Hi Harinath,
> > We are in need of an Application Security tool for
> > testing our Java
> > Application against SQL Injection and Cross
> > Scripting. It is OK for us if a
> > third party PT lab is available in Bangalore.
> > Could you please pass on this information to me, if
> > you know anyone or any
> > such lab in Bangalore.
> > Thanks in advance.
> >
> > Thanks and Regards
> > Krishna Prasad K S
> > Associate Principal Consultant
> > Extn: 1672; Mobile: +91 9448129816
> >
> >
>_______________________________________________
> > OWASP-Bangalore mailing list
> > OWASP-Bangalore at lists.sourceforge.net
> >
>https://lists.sourceforge.net/lists/listinfo/owasp-bangalore
> >
>
>





