Grendel-Scan
Below are links to other resources for testing web application security.
Documentation

- The Web Application Hacker's Handbook - I highly recommend it, especially for someone just starting out with web app security.
- OWASP has a number of resources, but some of them need more work. They also have local chapter meetings.
- SQL Injection Cheatsheet
- XSS Cheatsheet

Tools

- Mark Woan has written a number of useful tools for web app testing that don't get much attention.
- Absinthe is a good tool for automatic extraction of data through SQL injection.
- SQLMap is another good data extraction tool. It has more features than Absinthe, but can be harder to use.

There are a ton of Firefox plugins that I use for testing. Most of them are geared toward developers, but they are also very useful for manual application penetration tests. For the record, I don't have anything against IE; it just doesn't have the same selection of plugins.

- Add N Edit Cookies
- Cert Viewer Plus
- Console2
- CookieSafe
- CookieSwap
- CustomizeGoogle - Helps a little with search-engine recon
- DOM Inspector
- Firebug
- FoxyProxy - Extremely useful for testing with an intercepting proxy
- JavaScript Options
- JSView
- Live HTTP Headers
- Search Marker
- Uppity
- User Agent Switcher
- Web Developer

Other intercepting proxies (Grendel does this too)

- Burp
- Charles Proxy - Has some useful Flash features
- Fiddler
- Paros
- Webscarab - My favorite before I wrote Grendel

Other open source web app scanners

- Nikto - Isn't quite the same, because it is designed to find known vulnerabilities in published server software and scripts rather than flaws in custom application code. Grendel can run the tests found in the Nikto database.
- W3af
- Wikto - Very similar to Nikto, but with a few more features

Commercial web app scanners

- Acunetix
- AppScan
- N-Stalker
- NTOSpider
- WebInspect