Cheers Sebastien,
Thanks for your reply. yeah I see they are infrastructure checks, just wasnt
sure if w3af had some checks of that variety that we could run "from the
inside", so to speak. I'll check out the tools you mention.
Cheers,
> Date: Fri, 2 Oct 2009 15:41:02 -0400
> Subject: Re: [W3af-users] Plugins
> From: [email protected]
> To: [email protected]
> CC: [email protected]
>
> Hi steve,
>
> w3af is a web application scanner, what you are describing are more
> infrastructure tests. Testing for weak passwords via the web is
> somewhat strange because the passwords are irrelevant if you manage to
> get an SQL injection. Your time would be better spent if you tested
> the backend directly, with bruteforce tools like Medusa or THC Hydra.
> As for thue missing patches, you would have better luck with a tool
> like Nessus.
>
> The only thing w3af might help you with is for c), the grep plugins
> might help you find that.Since they just read the content, you can
> enable all of them, it won't take longer to scan.
>
> Hope it helps,
>
> Sébastien
>
> On Fri, Oct 2, 2009 at 3:11 PM, steve jacobs <[email protected]>
> wrote:
> > Dear Seasoned w3af users -
> >
> > Do you know which w3af plugins could help my company identify:
> >
> > a) Weak SQL Server passwords for our apps that have a backend SQL DB
> > b) Weak MS Access passwords for our apps that have a backend MS Access DB
> > c) Passwords exposed in source code
> > d) Weak passwords on Windows Servers running IIS
> > e) Missing patches on Web Servers (IIS, Apache).
> >
> > Any pointers if w3af can identify these would be great.
> >
> > Regards,
> > Steve.
> >
> > ________________________________
> > View your Twitter and Flickr updates from one place – Learn more!
> > ------------------------------------------------------------------------------
> > Come build with us! The BlackBerry® Developer Conference in SF, CA
> > is the only developer event you need to attend this year. Jumpstart your
> > developing skills, take BlackBerry mobile applications to market and stay
> > ahead of the curve. Join us from November 9-12, 2009. Register now!
> > http://p.sf.net/sfu/devconf
> > _______________________________________________
> > W3af-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/w3af-users
> >
> >
_________________________________________________________________
With Windows Live, you can organise, edit, and share your photos.
http://clk.atdmt.com/UKM/go/134665338/direct/01/------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
