Thread: webscarab

  1. #1
    Just burned his ISO
    Join Date
    Jun 2006
    Posts
    3

    webscarab

    ...would be nice

  2. #2
    theprez98 (Moderator)
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote Originally Posted by _cato_
    ...would be nice
    Never used it...does it provide more functionality than Paros?
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #3
    thorin (My life is this forum)
    Join Date
    Jan 2010
    Posts
    2,629

    Personally I'm for Paros or even better Firefox with the Tamper Data extension.

  4. #4
    theprez98 (Moderator)
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote Originally Posted by thorin
    Personally I'm for Paros or even better Firefox with the Tamper Data extension.
    Both of which come with BackTrack. ;-)

    The simple cookie editor extension is a nice complement.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  5. #5
    Junior Member
    Join Date
    Feb 2010
    Posts
    44

    Some pointers

    Hey guys,

    I would like to know more about pen-testing web applications. I have a little experience with website development in the past. Of course, when pen-testing/auditing a website I want to address the entire spectrum of vulnerabilities (Top 10 OWASP):
    A1 Unvalidated Input
    A2 Broken Access Control
    A3 Broken Authentication and Session Management
    A4 Cross Site Scripting
    A5 Buffer Overflow
    A6 Injection Flaws
    A7 Improper Error Handling
    A8 Insecure Storage
    A9 Application Denial of Service
    A10 Insecure Configuration Management

    I know commercial tools like WebInspect have this scope. But I still don't know how to use the open source tools included in BackTrack. But I want to learn! In the past I used Nikto and Wikto, but that's more for addressing vulnerabilities on the web server level, and of course I know how to do some manual injection testing like passing authentication in login forms.

    Does somebody have some instructions on which tools to use and how to cover most of the above scope of vulnerabilities?

    Regards,

    Macamba
