Web App Audit in 3 easy steps – powered by SANS
SANS released a paper on Web Applications Audit. It’s more of a guide to low-hanging-fruit website assessment, but it is still a good resource. The article begins with setting up, adjusting and configuring the tool arsenal, and then walks the reader through implementation and conclusions. As simple as the SANS workflow may seem, there are numerous websites which won’t pass this security test.
These tests will only find obvious problems and are less likely to find more complex issues. We totally neglect some common problems like response-splitting or secondary SQL injection issues, and we spent little time on actually exploiting these problems. See this 1 hour audit as a due diligence test that should be done periodically.
However, what I find to be intriguing is that there are no web application scanners listed. And I appreciate this. Well... they could have listed WebInspect. Did I say I love this tool? * I’m not affiliated with SPI Dynamics in any way, I just hope that mentioning the tool quite often will get me a personal license – Hint! Hint
This entry was posted on Thursday, March 22nd, 2007.



