I think that it's fundamental for security testers to gather information about how a web application works and eventually what language it's written in.
I know that URL extensions, HTTP headers, session cookies, HTML comments and style-sheets may…
What tools are available to assess the security of a web application?
Please provide a small description of what the tool does.
Update: More specifically, I'm looking for tools that assume no access to the source code (black box).
In what order do typical open-source penetration tests operate? Which tools are run first, second, third -- and how do you control them?
Does one simply use Metasploit RC files? A network vulnerability scanner in a special way? A command-line, custom,…
I'd like to perform a man-in-the-middle attack on SSL connections between clients and a server.
Assuming the following:
I've got a certificate that the client will accept, via poor cert validation or other means.
I know the IP address of the server…
How to check whether the source code of an open-source project contains no malicious content? For example, in a set of source code files with altogether 30,000 lines, there might be 1-2 lines containing a malicious statement (e.g. calling curl…
I am trying to figure out what the best solution is to store different types of passwords:
Personal passwords (my personal email, my company's email, all the services I use to buy things like Amazon, etc.)
My business passwords (all the tools…
For a project with many open-source libraries as a part of it, I began to search for information source concerning all upgrades and security issues. The kind of sources I gathered are either announcement list or issue/bug tracker in the form of RSS…
Nessus and OpenVAS appear to have fairly similar features. Why would you choose one over the other, besides the benefit of commercial support (which isn't available for Nessus Home Feed users anyways)?
Recently I participated in a capture the flag competition which was attached with SOC analysis teams monitoring our traffic.
There we were told that many tools were very noisy, e.g. sqlmap, which has its full header.
As all of us were new, we weren't…
It is often helpful to be able to obtain a good cryptographic checksum of a file, e.g. the SHA-256 hash. This can be used to verify file integrity, so long as you have a reliable source for the hash.
Support for both SHA-256 and MD5 from the…
Is it possible to test for SQL injection vulnerabilities using sqlmap with a URL that is using mod rewrite (or something like it) to make the URLs clean?
I know how to test my sites that have URLs like:
http://mysite.com/?id=1
But what about my…
Obviously, securely backing up sensitive data is a challenge. A remote backup is important for surviving a variety of disasters. What are some of the "gotchas" lurking out there, and what best practices can avoid them?
To make it a bit more…
Is there any way to browse certain exploits in MSFconsole? The show exploits command shows too many and I cannot find a way to show just Windows file format exploits, for example.
As with any tools purchase, part of the outcome is in how good the evaluation criteria are, so it is important to understand the criteria people might use when assessing security static analysis tools.
Obviously the weighting on each criterion would…