
RE: Your help gratefully received

From: Michael Howard <mikehow(at)microsoft.com>
Date: Thu Feb 27 2003 - 15:01:09 EST


Look at the threats to the system - then choose your tools...

As for tools, I tend to use Perl scripts I wrote :-)


From: Craig_Sullivan@Waitrose.co.uk [mailto:Craig_Sullivan@Waitrose.co.uk]
Sent: Thu 2/27/2003 9:37 AM
To: webappsec@securityfocus.com
Subject: Your help gratefully received

Hi,

I'm conducting a web app sec review for someone and would like some advice.

I am assembling some tools that I need to use and also the areas that I am going to concentrate upon during my assessment.

The objective here is to see how well I can do against an automated appsec scanning product against a non-commercial test server in the lab.

The questions I have are:

What tools do you recommend (for general and specific use, e.g. proxies, scanners, site dumping etc.)?
What areas should I concentrate on (e.g. state management, SSL, XSS, SQL injection etc.)?
What webapp security resources do you use and can recommend?

Thanks very much in advance,

Regards,

Craig.


Notice: This email is confidential and may contain copyright material of the John Lewis Partnership. If you are not the intended recipient, please notify us immediately and delete all copies of this message. (Please note that it is your responsibility to scan this message for viruses).


John Lewis plc                  Registered in England 233462
Registered office               171 Victoria Street London SW1E 5NN
     

Websites: http://www.johnlewis.com and http://www.waitrose.com

Received on Thu Feb 27 15:25:10 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:49 EDT

