[Owasp-testing] Add new tools

dinis cruz dinis.cruz at owasp.org
Sun Sep 20 17:05:12 EDT 2009


This information on tools is valuable to our community, the challenge is to
do it in a way that we keep our 'vendor independence'
So maybe, If I can suggest, why don't you start by defining a number of
categories, then add some rules on which tool should fit on each category
and only after that is set, you start the mapping process (including adding
new tools).

I am basically talking about a 'selection criteria' for these tools (which
if we get it right would be very useful)

One word on scalability, I would really recommend that you build this on top
of the new 'WIKI-Database-driven-template' solution we came up at the GPC
(since that will allow you to be able to create a maintainable 'master list'
(with content reused where required)

Dinis Cruz

2009/9/20 Pavol Luptak <pavol.luptak at nethemba.com>

> Hi,
>
> On Thu, Sep 10, 2009 at 11:01:37PM +0630, Aung Khant wrote:
> >    Hi Kevin
> >
> >    I can't agree with you more.
> >
> >    I'm in no doubt that tools makes our life a lot easier in some
> situations
> >    when
> >    manual testing is our default arsenal.
> >
> >    As far as I'm concerned, such a tool project rarely interests folks
> >    and they usually underestimate such.
> >
> >    One example is notable certification - CEH, which people have been
> saying
> >    - a collection of tools and their usage.
> >
> >    Without tools, penetration testing will take a lot longer.
> >    Without methodology, penetration testing won't be complete and
> perfect.
> >
> >    Should we start - OWASP Web Pentesting Tool Database Projects?
>
> As I know, years ago we were talking about similar project (but nobody
> created
> it yet :)
>
> >
> >    I think we should. There is no such Distro designed for thorough web
> >    testing.
> >    BackTrack lists just a few of web tools. Either does Samurai.
> >    A big challenge is that we can't stick to one platform. Some tools are
> for
> >    Windows [Can't run with wine].
> >    Some for Linux. We have to use both.
>
> Good source is http://www.owasp.org/index.php/Phoenix/Tools
>
> Pavol
> --
>
> ______________________________________________________________________________
> [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel:
> +421905400542]
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkq2OmkACgkQkBK3tbitpXPAjwCfUVxdysYAcT+YZPCPgYd3ysNm
> jxAAnigjLa1KeOTs+Wepovq6SH72rN1p
> =fnKk
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20090920/d1468992/attachment-0005.html 


More information about the Owasp-testing mailing list