RE: [WEB SECURITY] about scanning the web
- From: "David Spenard" <David.Spenard@xxxxxxxxxxxxxx>
- Subject: RE: [WEB SECURITY] about scanning the web
- Date: Fri, 12 Jun 2009 12:06:50 -0400
You can download an evaluation copy of AppScan from IBM Rational (formerly Watchfire AppScan) and it will let you scan a test site they expose.
David Spenard
-----Original Message-----
From: Andres Riancho [mailto:andres.riancho@xxxxxxxxx]
Sent: Friday, June 12, 2009 11:01 AM
To: neeraj gupta
Cc: websecurity@xxxxxxxxxxxxx
Subject: Re: [WEB SECURITY] about scanning the web
Neeraj,
On Fri, Jun 12, 2009 at 8:17 AM, neeraj gupta<neeraj.gupta.vns@xxxxxxxxx> wrote:
> Hello,
>
> I am Neeraj, pursuing my B.Tech 3rd year at IT-BHU. I am doing a
> project on web scanning for a three-credit course. Luckily I landed at
> your site and found it a very interesting site for scanning the web.
>
> I have been assigned a project to make a web scanner.
A teacher asking a student to reinvent the wheel, oh, this is new! ;)
> I would like to
> know how a web scanner works and how to scan sites for
> vulnerabilities and fix them.
Basically you need to:
1- Crawl the website to find all forms and query string parameters
2- Save all that information somewhere
3- Use a fuzzing engine to send customized payloads to each parameter
of each form/query string
4- Analyze responses
You can learn more by looking at the w3af source code:
http://w3af.sf.net/
> I am a newbie in this field and would appreciate any help you would offer.
>
> Thanks
>
> Neeraj Gupta
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
>
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
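The four steps in the reply above, as an added example that is not w3af's code nor anything posted by the list members: a standard-library Python parser that performs steps 1 and 2, collecting the form fields and query-string parameters a fuzzing engine would later target, and keeping only points on the target host so the later fuzzing stage never leaves scope. The host name and the sample page are constructed for the demo.

```python
"""Injection-point inventory for a minimal web scanner (added example).

Parses one HTML page and records every (method, url, parameter) tuple that
step 3 of the scanner would later fuzz. Out-of-scope hosts are dropped so a
scan of a test site cannot wander onto third-party sites it links to.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, parse_qs


class InjectionPointParser(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.scope = urlparse(base_url).netloc   # only this host is fuzzed
        self.points = set()                      # {(method, url, param)}
        self._form = None                        # (method, action) inside <form>

    def _in_scope(self, url):
        return urlparse(url).netloc == self.scope

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            action = urljoin(self.base_url, a.get("action") or "")
            method = (a.get("method") or "get").upper()
            self._form = (method, action) if self._in_scope(action) else None
        elif tag in ("input", "textarea", "select") and self._form and a.get("name"):
            self.points.add((self._form[0], self._form[1], a["name"]))
        elif tag == "a" and a.get("href"):
            url = urljoin(self.base_url, a["href"])
            parsed = urlparse(url)
            if self._in_scope(url):
                bare = parsed._replace(query="", fragment="").geturl()
                for name in parse_qs(parsed.query, keep_blank_values=True):
                    self.points.add(("GET", bare, name))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def find_injection_points(base_url, html):
    """Return sorted (method, url, param) tuples found on one page."""
    parser = InjectionPointParser(base_url)
    parser.feed(html)
    return sorted(parser.points)


# Constructed sample page: two links (one off-host), two forms.
SAMPLE_HTML = """<html><body>
<a href="/search?q=test&page=1">Search</a>
<a href="http://other.example/x?y=1">External</a>
<form action="/login" method="post">
  <input name="user"><input type="password" name="pass"><input type="submit" value="Go">
</form>
<form action="comment"><textarea name="body"></textarea></form>
</body></html>"""

if __name__ == "__main__":
    for point in find_injection_points("http://test.example/app/index.html", SAMPLE_HTML):
        print(point)
```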