ray at highentropy.org
Sun Jun 29 15:21:12 EDT 2003
As Mark said, WebScarab is a great place to start. We should put some white
papers on the portal for some of the esoteric details not mentioned in the
In terms of openproxy, I have never seen such a tool, but it looks like it was
written by Steve Taylor and it has been incorporated in WebScarab. But you
are not the first person to ask this question:
I will try to change the documentation but in the meantime you have many
choices available for testing web applications.
spikeproxy - http://www.immunitysec.com/
exodus - http://mysite.mweb.co.za/residents/rdawes/exodus.html
achilles - http://achilles.mavensecurity.com
penproxy - http://shh.thathost.com/pub-java/html/PenProxy.html
mangle - http://mysite.mweb.co.za/residents/rdawes/homepage.html
odysseus - http://www.wastelands.gen.nz/odysseus/
Sanctum AppScan - http://www.sanctuminc.com/solutions/appscan/de/index.html
SpiDynamics WebInspect - https://www.spidynamics.com/productline/WE_over.html
Kavado scando - http://kavado.com/ProductsScando.htm
@stake webproxy - http://www.atstake.com/webproxy/
Additionally there are cgi scanners like nikto and whisker and general tools
like nessus. That should keep you busy for a while, and once you feel
comfortable with them I can send you some of my custom tools, which are less
polished and more specific in utility.
On Friday 20 June 2003 08:46 pm, Gene McKenna wrote:
> I haven't heard from anyone in a long time. What's going on with the latest
> version of the Guide?
> Also, I have gotten some of the security teams at some of our customer
> sites reading the current Guide and checking out the other resources at
> owasp.org. A gentleman at EMC Corp is asking me the following. Can anyone
> help? I'm pursuing the path of self-teaching with regards to assessing the
> security of web applications primarily following the guidelines on
> www.owasp.org. There is reference to OpenProxy being available there, but
> it is not. Any ideas where I can get it? Or a reputable substitute?