
Automated web app pentesting tools?


4 replies to this topic

#1 Swerve


Posted 27 February 2012 - 04:07 PM

I'm just creating an eCommerce site from scratch using PHP/MySQL and I'm doing my best to cover all angles, but I'm not too knowledgeable about cracking.

I'm not too worried about vulnerabilities on the server as it's with a large, well-known hosting company, so I hope they've got that side of things covered, but with regards to my app I might well have made some mistakes.

Can anyone recommend some tools I can use against the site to test for vulnerabilities?

I'm running it on a LAMP stack on localhost at present, so if I could run the tests whilst it's hosted on that it would be nice.

Don't mind what OS, just looking for advice/tips really.

Thanks a lot :)

#2 redshift


Posted 28 February 2012 - 07:31 AM

Though web app pen-testing is not my strong point, I do know you can use Burp Suite. The professional version has some really good automating tools to use to show the flaws within your site. The professional version will set you back about 300 USD.

They also have a free version, but it does not exactly have everything you are looking for.
Here is a link to Burp.

#3 serrath


Posted 28 February 2012 - 09:40 PM

XSS Me Firefox add-on

#4 Swerve


Posted 02 March 2012 - 10:07 AM

Thanks guys, some good ones there, will give them a blast over the next week or so once the coding's been completed.

Appreciated.

#5 TheFunk


Posted 02 March 2012 - 01:02 PM

You could try WebScarab.

WebScarab

There's a getting started page here

Getting Started

Good luck and may the force be with you!



