Dear all, Anyone knows whether there are any practical restriction on the use of Web application open sources tools such as nikto, nessus,whisker, Achilles, WebProxy, Exodus, SPIKE, etc in testing a Japanese or Chinese Web servers? For example, would the system paths for the files be different and probably not in english. In that case, how would a tool detect for example the presence of vulnerability scripts? Do you need a Japanese/Chinese version of WebInspect and AppScan to test out a web application? Regards, Wing Hon "Kevin Spett" <kspett@spidynami To: "raymond" <ip_raymondat_private>, <pen-testat_private> cs.com> cc: Subject: Re: WebService pentest tool 01/05/2003 10:56 PM The latest version of WebInspect (http://www.spidynamics.com/product.html) includes the ability to audit web services. It can be used for both automated scanning and manual request manipulation. Kevin Spett SPI Labs http://www.spidynamics.com/ ----- Original Message ----- From: "raymond" <ip_raymondat_private> To: <pen-testat_private> Sent: Wednesday, April 30, 2003 2:56 AM Subject: WebService pentest tool > Hi, > > I am on the way to complete to build a WebService > using SunWebService Package. Do anyone hv the > experience and tools to pentest the WebService ? > > Many thanks, Raymond. > > > __________________________________ > Do you Yahoo!? > The New Yahoo! Search - Faster. Easier. Bingo. > http://search.yahoo.com > > -------------------------------------------------------------------------- - > Did you know that you have VNC running on your network? > Your hacker does. > Plug your security holes. > Download a free 15-day trial of VAM: > http://www.securityfocus.com/StillSecure-pen-test > -------------------------------------------------------------------------- -- > > --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ---------------------------------------------------------------------------- _________________________________________________________________ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. --------------------------------------------------------------------------- Latest attack techniques. You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. Visit us at: www.coresecurity.com/promos/sf_ept1 or call 617-399-6980 ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Jun 23 2003 - 13:51:20 PDT