[OWASP-Bangalore] Contents of OWASP-Bangalore digest...

Fri Feb 27 00:11:04 EST 2009

Hi,

You can also try W3af.

Regards
Chandrasekar

-----Original Message-----
From: owasp-bangalore-bounces at lists.owasp.org
[mailto:owasp-bangalore-bounces at lists.owasp.org] On Behalf Of
owasp-bangalore-request at lists.owasp.org
Sent: Thursday, February 26, 2009 10:30 PM
To: owasp-bangalore at lists.owasp.org
Subject: OWASP-Bangalore Digest, Vol 15, Issue 13

Send OWASP-Bangalore mailing list submissions to
	owasp-bangalore at lists.owasp.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.owasp.org/mailman/listinfo/owasp-bangalore
or, via email, send a message with subject or body 'help' to
	owasp-bangalore-request at lists.owasp.org

You can reach the person managing the list at
	owasp-bangalore-owner at lists.owasp.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of OWASP-Bangalore digest..."

Today's Topics:

   1. Application security assessment tool? (Niranjan Patil)
   2. Re: Application security assessment tool? (Akash)

----------------------------------------------------------------------

Message: 1
Date: Thu, 26 Feb 2009 10:18:27 +0530
From: Niranjan Patil <niranjan.patil at gmail.com>
Subject: [OWASP-Bangalore] Application security assessment tool?
To: owasp-bangalore at lists.owasp.org
Message-ID:
	<6b0ba69c0902252048i6e5ad9e4udfeaeeb5a0183e96 at mail.gmail.com>
Content-Type: text/plain; charset=windows-1252

Hi team,

Need your help here.
I work as an infosec manager and I have a strange request from a dev
team for an application security assessment tool!
I know it sounds little naive, but what they are looking for is
something in the lines of Nessus but are ok if it?s not comprehensive
one.
They did understood when I explained about OWASP guidelines, OWASP top
ten, SANS/MITRE top 25, webappsec.org, etc.. For them, a tool which
can quickly scan and give out vulnerabilities/ exploits quickly is
desired.

-- 
Regs,
Niranjan

------------------------------

Message: 2
Date: Thu, 26 Feb 2009 16:17:13 +0530
From: Akash <akashmahajan at gmail.com>
Subject: Re: [OWASP-Bangalore] Application security assessment tool?
To: owasp-bangalore at lists.owasp.org
Message-ID:
	<868b524f0902260247u5b8ae60dy8620823a0f1b6ad2 at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Google for web vulnerability scanners

I would start with http://sectools.org/web-scanners.html

I have personally used nikto a lot. You can customize it easily.
I also use twill, selenium proxy as well.

Have heard nice things about appscan and acunetix. But haven't used
them personally.

If they are curious about learning they can try out web scarab and web
goat

HTH

regards
Akash

2009/2/26 Niranjan Patil <niranjan.patil at gmail.com>:
> Hi team,
>
> Need your help here.
> I work as an infosec manager and I have a strange request from a dev
> team for an application security assessment tool!
> I know it sounds little naive, but what they are looking for is
> something in the lines of Nessus but are ok if it?s not comprehensive
> one.
> They did understood when I explained about OWASP guidelines, OWASP top
> ten, SANS/MITRE top 25, webappsec.org, etc.. For them, a tool which
> can quickly scan and give out vulnerabilities/ exploits quickly is
> desired.
>
> --
> Regs,
> Niranjan
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>

-- 
regards
akash

------------------------------

_______________________________________________
OWASP-Bangalore mailing list
OWASP-Bangalore at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-bangalore

End of OWASP-Bangalore Digest, Vol 15, Issue 13
***********************************************