[Owasp-testing] Add new tools

Vishal Garg vishalgrg at gmail.com
Thu Sep 10 14:54:21 EDT 2009


Hi All,

It is really good to have this discussion here. In fact I have recently
started a new OWASP Tools Project, the aim of which is to identify and rate
application security tools. The project is in its initial stage and at the
moment we are in the process of identifying tools in different categories
and defining the rating criteria for identified tools. As Aung said earlier,
new tools are developed from time to time, we'll keep on updating our list
and then test these new tools to rate them according to the set criteria.

Anyone can suggest new tools and we would include these tools in our tools
listing. The project link is given below:

http://www.owasp.org/index.php/Category:OWASP_Tools_Project


Regards
Vishal

On Thu, Sep 10, 2009 at 5:31 PM, Aung Khant <aungkhant at yehg.net> wrote:

> Hi Kevin
>
> I can't agree with you more.
>
> I'm in no doubt that tools makes our life a lot easier in some situations
> when
> manual testing is our default arsenal.
>
> As far as I'm concerned, such a tool project rarely interests folks
> and they usually underestimate such.
>
> One example is notable certification - CEH, which people have been saying
> - a collection of tools and their usage.
>
> Without tools, penetration testing will take a lot longer.
> Without methodology, penetration testing won't be complete and perfect.
>
> Should we start - OWASP Web Pentesting Tool Database Projects?
>
> I think we should. There is no such Distro designed for thorough web
> testing.
> BackTrack lists just a few of web tools. Either does Samurai.
> A big challenge is that we can't stick to one platform. Some tools are for
> Windows [Can't run with wine].
> Some for Linux. We have to use both.
>
> Some may point to me sites like http://www.security-database.com/.
> As far as I know, no single site is dedicated to app sec.
>
>
> On Thu, Sep 10, 2009 at 9:45 PM, Kevin Horvath <kevin.horvath at gmail.com>wrote:
>
>> Hello Aung,
>>
>> The guide is about the methodology and some tools are given as an
>> example of what can be used but in no means is meant to be all
>> encompasing.  To have a list of tools that would be useful in app
>> testing could be a seperate project in itself that would need to be
>> constantly updated.  Although I believe having a tool listing would be
>> a nice project to have for all aspects of app testing i dont think
>> that it should be part of this guide (IMHO).
>>
>> On Thu, Sep 10, 2009 at 11:06 AM, Aung Khant <aungkhant at yehg.net> wrote:
>> > Hi Mat and List
>> >
>> > New web app test tools are developed from time to time.
>> > Is it good to add new tools to the Guide wiki?
>> >
>> > Or does it  introduce over redundancy ?
>> >
>> > --
>> > Best Regards
>> > YGN Ethical Hacker Group
>> > http://yehg.net
>> >
>> > _______________________________________________
>> > Owasp-testing mailing list
>> > Owasp-testing at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-testing
>> >
>> >
>>
>
>
>
> --
> Best Regards
> YGN Ethical Hacker Group
> http://yehg.net
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20090910/e1419be5/attachment.html 


More information about the Owasp-testing mailing list