Web App Audit in 3 easy steps – powered by SANS
SANS released a paper on Web Applications Audit. It’s more of a guide to low hanging fruit website assessment, but still is a good resource . The article begins with setting up , adjusting and configuring the tool arsenal and then walks the reader trough implementation and conclusions. As simple as the SANS workflow may seem, there are numerous website which won’t pass this security test.
These tests will only find obvious problems and are less likely to find more complex issues. We totally neglect some common problems like response-splitting or secondary SQL injection issues, and we spent little time on actually exploiting these problems. See this 1 hour audit as a due diligence test that should be done periodically.
However, what I find to be intriguing is that there are no web application scanners listed. And I appreciate this. Well .. they could have listed WebInspect . Did I say i love this tool ? * I’m not affiliated with SPI Dynamics in any way , I just hope that mentioning the tool quite often will get me a personal license – Hint ! Hint 
Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback.
Print This Post
Post Info
This entry was posted on Thursday, March 22nd, 2007 . Tagged with:You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.
Previous Post: Watchfire Certified as PCI Security Standards Council Approved Scanning Vendor »
Next Post: Month of PHP Bugs – Days 11 – 22 »
Read More
Related Reading:- Animated Presentation on Sony PSN Hack
- ArcSight Tip #1 – arcsight managersetup notification test
- I’m a CISSP
- Operation:Payback or Social Vendetta is Here
- I got owned by Malware Destructor 2011 Virus
- New Downtime Cost Calculator by Storagepipe.com. What if ?
- Securing Your Network from Web Threats
- My Twitter Notes on 2010-07-25
- New NetWitness Visualize : Welcome To The Future!
- My Twitter Notes on 2010-07-18
