Dear all,
Anyone knows whether there are any practical restriction on the use of Web
application open sources tools such as nikto, nessus,whisker, Achilles,
WebProxy, Exodus, SPIKE, etc in testing a Japanese or Chinese Web servers?
For example, would
the system paths for the files be different and probably not in english. In
that case, how would a tool detect
for example the presence of vulnerability scripts?
Do you need a Japanese/Chinese version of WebInspect and AppScan to test
out a web application?
Regards,
Wing Hon
"Kevin Spett"
<kspett@spidynami To: "raymond" <ip_raymondat_private>, <pen-testat_private>
cs.com> cc:
Subject: Re: WebService pentest tool
01/05/2003 10:56
PM
The latest version of WebInspect (http://www.spidynamics.com/product.html)
includes the ability to audit web services. It can be used for both
automated scanning and manual request manipulation.
Kevin Spett
SPI Labs
http://www.spidynamics.com/
----- Original Message -----
From: "raymond" <ip_raymondat_private>
To: <pen-testat_private>
Sent: Wednesday, April 30, 2003 2:56 AM
Subject: WebService pentest tool
> Hi,
>
> I am on the way to complete to build a WebService
> using SunWebService Package. Do anyone hv the
> experience and tools to pentest the WebService ?
>
> Many thanks, Raymond.
>
>
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo.
> http://search.yahoo.com
>
>
--------------------------------------------------------------------------
-
> Did you know that you have VNC running on your network?
> Your hacker does.
> Plug your security holes.
> Download a free 15-day trial of VAM:
> http://www.securityfocus.com/StillSecure-pen-test
>
--------------------------------------------------------------------------
--
>
>
---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------
_________________________________________________________________
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.
---------------------------------------------------------------------------
Latest attack techniques.
You're a pen tester, but is google.com still your R&D team? Now you can get
trustworthy commercial-grade exploits and the latest techniques from a
world-class research group.
Visit us at: www.coresecurity.com/promos/sf_ept1
or call 617-399-6980
----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Jun 23 2003 - 13:51:20 PDT