No search hits for: * social engineering * impersonate Am I missing something or does this document miss half of IT security, from the word go?
On Mon, Oct 20, 2008 at 12:04 PM, Marghanita da Cruz <[EMAIL PROTECTED]> wrote: > Amos, > > You might like to check the Australian Government ICT Security Manual (ISM) > it > tends to talk at a higher conceptual level than specific applications. But > provides useful contextual information...I would be interested in your > comments > about its relevance/comprehensiveness. > <http://www.dsd.gov.au/library/infosec/ism.html> > > Marghanita > > Morgan Storey wrote: >> >> Hi Amos, >> >> That isn't a bad list, I tend to direct people to >> http://sectools.org/vuln-scanners.html even though it is a little >> dated, and doesn't mention OpenVAS (Nessus forked and OpenVAS is truly >> OSS), I also use Webscarab, Xenu (just a link checker but gives you a >> good list of the site), W3af, as it is open source and does some nice >> fuzzing through its proxy, Nikto/Wikto and Nmap if it is more than >> just web. >> These are all just auto tests, they won't find everything and there >> are some false finds too, so you also have to have a look at >> techniques like sql injection (you can get sql injection tools like >> the Acuntix, but it is not cheap), and imho you are better learning >> the techniques yourself, cause if you know how a tool works you are so >> much better off. >> >> Regards >> >> On 10/16/08, Amos Shapira <[EMAIL PROTECTED]> wrote: >>> >>> Hello, >>> >>> I need to find tools to run penetration testing on our external web >>> interfaces (a web application and an HTTP-based data interface). >>> >>> The idea is to be able to run automatic tests on new releases before >>> deployment. Stress is on "automatic". >>> >>> Has anyone here got good experience with such tools? I'm digging through >>> the net and found lots of lists (e.g. >>> >>> http://www.samurainet.org/blog/2008/05/12/web-application-penetration-testing-my-tools-of-the-trade/) >>> but if someone can give some input from their personal experience on >>> what's >>> worth pursuing and what's a waste of time it'll, well..., might save us >>> some >>> time. >>> >>> Thanks, >>> >>> --Amos >>> -- >>> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ >>> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html >>> >> >> > > > -- > Marghanita da Cruz > http://www.ramin.com.au > Phone: (+61)0414 869202 > > > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
