[Owasp-testing] V4 Update ideas

Christian Heinrich christian.heinrich at cmlh.id.au
Sun Sep 23 08:48:38 UTC 2012


Alessandro,

Below are a list of resources that I presented last Tuesday (18
September) at http://www.meetup.com/SAGE-AU-NSW/events/77817862/
regarding the "network recon of www servers" (the last two, DShield
and Shodan, would not be applicable to the Testing Guide but has been
included for completeness):

HTTPS/SSLv3/TLS:
https://www.ssllabs.com/ssltest/analyze.html?d=[INSERT DOMAIN-NAME]

Web Technologies
http://builtwith.com/[INSERT DOMAIN-NAME]

SEO
http://optimizer.builtwith.com/seo/[INSERT DOMAIN-NAME]

vhost:
http://msdn.microsoft.com/en-us/library/ff795671.aspx
http://www.domaintools.com/research/reverse-ip/

Incident/Attack Database:
http://dshield.org/api/ip/[INSERT IP ADDRESS]?text

Host Port and Banner Database:
http://www.shodanhq.com/

Furthermore, I will possibly be delivering another related
presentation sometime after/during November on the more host and
network layer on things like
http://code.google.com/p/collective-intelligence-framework/, etc which
I didn't cover during this presentation so I can push out the second
list if you would like for discussion as to the scope of the OWASP
Testing Guide v4?


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact


More information about the Owasp-testing mailing list