SANS released a paper on Web Applications Audit. It's more of a guide to a low-hanging-fruit website assessment, but it is still a good resource. The paper begins with setting up, adjusting and configuring the tool arsenal, and then walks the reader through implementation and conclusions. As simple as the SANS workflow may seem, there are numerous websites which won't pass this security test.
These tests will only find obvious problems and are less likely to find more complex issues. We totally neglect some common problems like response-splitting or secondary SQL injection issues, and we spent little time on actually exploiting these problems. See this 1-hour audit as a due diligence test that should be done periodically.
However, what I find to be intriguing is that there are no web application scanners listed. And I appreciate this. Well... they could have listed WebInspect. Did I say I love this tool? * I'm not affiliated with SPI Dynamics in any way; I just hope that mentioning the tool quite often will get me a personal license. Hint! Hint 🙂
This entry was posted on Thursday, March 22nd, 2007.