Comments on: 2007 Security Testing tools in review http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/ top secret/secure computing information Tue, 14 Oct 2008 11:05:06 +0000 http://wordpress.org/?v=2.2.3 By: xzid http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-4913 xzid Thu, 06 Mar 2008 07:37:24 +0000 http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-4913 Good post! I want to find the tools that manage the workflow of network(|website) auditing process. This tool accoding to some method as OWASP, ISSAF,OSTMM,.. (ex: Step 1: include checklist, questionaire,... --> pass??...something like that). Can you give me some advice?? Good post! I want to find the tools that manage the workflow of network(|website) auditing process. This tool accoding to some method as OWASP, ISSAF,OSTMM,.. (ex: Step 1: include checklist, questionaire,… –> pass??…something like that).
Can you give me some advice??

]]> By: dre http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-3979 dre Tue, 22 Jan 2008 19:00:32 +0000 http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-3979 @ woany : You have strange timing. I just found your blog/site yesterday after reading Dinis Cruz' blog entry from 9 months ago on <a href="http://blogs.owasp.org/diniscruz/2007/03/26/lists-of-tools-for-vmware-box/" rel="nofollow">lists of tools for vmware</a>. I must have skipped it when I read this last year. Your site has a long list of tools, especially useful for a C# or VB.NET developer. Of immediate interest to me were the ASP.NET Backdoors (because I know people obsessed with collecting and researching these), and the HTTP Library (which reminds me of the Jakarta Commons HttpClient or Billy Hoffman's favorite from Innovation.Ch, who also has an online Java compiler -- <a href="http://www.innovation.ch/java/HTTPClient/" rel="nofollow">HTTPClient</a>). nnikto also looked interesting, as well as filefolderenum. RequesterRaw looks like a more simple (and less integrated) Burp Intruder or Suru, but I will check it out. Looks like you've done some interesting web application and network security research with these tools! If I find a spot to mention them in the future -- I will certainly do so. @ woany :

You have strange timing. I just found your blog/site yesterday after reading Dinis Cruz’ blog entry from 9 months ago on lists of tools for vmware. I must have skipped it when I read this last year.

Your site has a long list of tools, especially useful for a C# or VB.NET developer. Of immediate interest to me were the ASP.NET Backdoors (because I know people obsessed with collecting and researching these), and the HTTP Library (which reminds me of the Jakarta Commons HttpClient or Billy Hoffman’s favorite from Innovation.Ch, who also has an online Java compiler — HTTPClient). nnikto also looked interesting, as well as filefolderenum.

RequesterRaw looks like a more simple (and less integrated) Burp Intruder or Suru, but I will check it out. Looks like you’ve done some interesting web application and network security research with these tools! If I find a spot to mention them in the future — I will certainly do so.

]]> By: woany http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-3978 woany Tue, 22 Jan 2008 17:44:19 +0000 http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-3978 You could try sslciphercheck (http://www.woany.co.uk/blogs/woanware/pages/sslciphercheck.aspx), which combines the THC and Foundstone stuff. And RequesterRaw for all your HTTP(S) fuzzing, is flexible enough for any HTTP requests (http://www.woany.co.uk/blogs/woanware/pages/requesterraw.aspx) And filefolderenum for file/folder bruteforcing (http://www.woany.co.uk/blogs/woanware/pages/filefolderenum.aspx) You could try sslciphercheck (http://www.woany.co.uk/blogs/woanware/pages/sslciphercheck.aspx), which combines the THC and Foundstone stuff.

And RequesterRaw for all your HTTP(S) fuzzing, is flexible enough for any HTTP requests (http://www.woany.co.uk/blogs/woanware/pages/requesterraw.aspx)

And filefolderenum for file/folder bruteforcing (http://www.woany.co.uk/blogs/woanware/pages/filefolderenum.aspx)

]]> By: jinxpuppy http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-3349 jinxpuppy Sat, 29 Dec 2007 18:34:28 +0000 http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-3349 Fantastic post! Fantastic post!

]]> By: EchGuest http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-3306 EchGuest Fri, 28 Dec 2007 23:39:43 +0000 http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-3306 my god , it will take me ages to play with all of this stuff , just awesome , thankss my god , it will take me ages to play with all of this stuff , just awesome , thankss

]]> By: Marcin http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-2816 Marcin Wed, 05 Dec 2007 17:44:45 +0000 http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-2816 damn... I didn't think it would affect the post within the RSS feed. I wanted to shorten up the home page and let me people view an excerpt quickly without having to scroll forever, since 5 posts made it super long. Sorry about that. damn… I didn’t think it would affect the post within the RSS feed. I wanted to shorten up the home page and let me people view an excerpt quickly without having to scroll forever, since 5 posts made it super long.

Sorry about that.

]]> By: LonerVamp http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-2815 LonerVamp Wed, 05 Dec 2007 17:28:58 +0000 http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-2815 Boo, to the "more" in the rss feed! Boo, to the “more” in the rss feed!

]]> By: nEUrOO http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-2785 nEUrOO Mon, 03 Dec 2007 20:38:16 +0000 http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-2785 andre, you should write about the perfect tools for you, I'm sure that would be interesting :) andre, you should write about the perfect tools for you, I’m sure that would be interesting :)

]]> By: Javier http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-2784 Javier Mon, 03 Dec 2007 15:52:06 +0000 http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/#comment-2784 Wow!!! amazing post dude, most of the tools you talked are amazing with pros and cons... :'( need to keep developing ... i really miss it :D Wow!!! amazing post dude, most of the tools you talked are amazing with pros and cons… :’( need to keep developing … i really miss it :D

]]>