Coding: Security scanning software

 

 From:  Peter (BOUGHTONP)  
 To:  ALL
35948.1 
There are online scanning places, like ScanAlert, Trust Guard, etc., but these of course require the site to be on a server somewhere.

Is anyone aware of downloadable software that can be used to check things whilst in development?

 From:  99% of gargoyles look like (MR_BASTARD)  
 To:  Peter (BOUGHTONP)     
35948.2 In reply to 35948.1 
You want to check whether you've added a virus or malware to one of your sites in development? How rare.

bastard by name, bastard by nature


 From:  Peter (BOUGHTONP)  
 To:  99% of gargoyles look like (MR_BASTARD)     
35948.3 In reply to 35948.2 
More that I want to verify if the third-party software* I'm integrating with has any holes, such as SQL injection and similar.


(*obviously, the code I write myself is flawless)

 From:  Radio  
 To:  Peter (BOUGHTONP)     
35948.4 In reply to 35948.3 
Ratproxy?
Webscarab?

 From:  Radio  
 To:  Peter (BOUGHTONP)     
35948.5 In reply to 35948.3 

Plus, I'd be very interested to know if any of those are useful. We've just been asked to look into Security Testing, and as functional testers we're a little bit lost at sea ;-)
Those ones seem to be recommended on the testing forums I've looked at, but god knows what it is you actually do with them (as in, Webscarab can be used to intercept and modify requests between client and server, but how you use that functionality to comprehensively test the security is beyond me...)


 From:  Peter (BOUGHTONP)  
 To:  Radio     
35948.6 In reply to 35948.5 
Yeah, WebScarab does seem aimed at people that already know about web security... will have to investigate if there's a set of default scripts that perform appropriate tests.

Ratproxy looks like a more useful out-of-the-box tool - or at least it would be if it had a binary download, instead of just C source code. :(

I'll update this thread again, if/when I get anywhere with any of these.

 From:  Rowan  
 To:  Peter (BOUGHTONP)     
35948.7 In reply to 35948.6 
I recently heard of Watcher, which just passively listens in on you as you click about your site (via Fiddler) and comes up with a list of potential vulnerabilities. Apparently it's a bit trigger-happy, so you need to read through to weed out the false positives, but, still, might be of some use to you, maybe.

 From:  Peter (BOUGHTONP)  
 To:  Rowan     
35948.8 In reply to 35948.7 
Thanks, that looks potentially useful. Will try it tomorrow today ...bugger! *goes to bed*

 From:  THERE IS NO GOD BUT (RENDLE)  
 To:  Peter (BOUGHTONP)     
35948.9 In reply to 35948.6 
make is your friend.

Happy now?
