Hi everyone,

I just wanted to say thank you to each and every one of you who replied to my 
beginner's questions.
Very helpful indeed! :-) Guess I have a lot of reading to do! Looking forward 
to reading more posts here!

Best regards,
Jim

> Date: Tue, 4 May 2010 11:55:28 -0400
> From: [email protected]
> To: [email protected]; [email protected]
> Subject: Re: [W3af-users] New Member with Newbie Questions
> 
> The OWASP top 10 project, WASC threat classification, and OWASP testing 
> guide should get you on your way to understanding the flaws and what the
> w3af test results mean.
> 
> 
> http://www.owasp.org/index.php/Top_10
> http://projects.webappsec.org/Threat-Classification
> http://www.owasp.org/index.php/Category:OWASP_Testing_Project
> 
> Testing the scanner against software with known flaws is important, 
> which is why Andres' Moth, my Web Security Dojo, and the OWASP Broken 
> Web Application projects exist.  I also highly recommend you work 
> through the OWASP WebGoat which is installed in Dojo and OWASP BWA 
> projects. It is a training class that walks you through what many of the 
> web security flaws are and how to find them. Of course I think Dojo is 
> the easiest way to install and use WebGoat, but I might be biased ;-) 
> Dojo also includes all the documentation referenced above.
> 
> http://dojo.mavensecurity.com
> http://www.bonsai-sec.com/en/research/moth.php
> http://code.google.com/p/owaspbwa/wiki/ProjectSummary
> 
> As for w3af specific links, there are a few videos of Andres' talks out 
> there which can be helpful in getting started, and the documentation is 
> much better than most security tools out there.  I'd recommend you spend 
> more time learning what the flaws are and how to do manually what the 
> tool tries to do using the resources above. Then if you have w3af 
> specific questions, ask again here. ;-)
> 
> Steve
> Alicia Danes wrote:
> > Hi everyone,
> > 
> > My name is Jim and I am new to this mailing list and new to the W3af Tool.
> > I also happen to be a Linux newbie, but I have been working to change 
> > that, and recently got my feet wet with Backtrack 4.
> > I got interested in W3af ever since my site got hacked. It just so 
> > happens that I woke up this morning to a second attack on my site.
> > 
> > I wear many hats in my self-run little company and I need to get up to 
> > speed on pen-testing and security quickly. So over the weekend I gave 
> > W3af a try. The trouble is, how do I go about interpreting the results? 
> > The output was readable enough and made sense in several areas, but 
> > other areas left me scratching my head. Apologies if this has been asked 
> > before, but are there some hidden or user-written manuals (other than 
> > the official one by the W3af team that I have read) that will help me 
> > learn to decipher and act upon the results somewhat quickly?
> > 
> > Thanks everyone! I look forward to learning more about the W3af tool and 
> > its many uses!
> > 
> > Best regards,
> > 
> > Jim Danes
> > 
> > _______________________________________________
> > W3af-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/w3af-users
> 
> 
> -- 
>   | Steven Pinkham, Security Researcher    |
>   | http://www.mavensecurity.com           |
>   | GPG public key ID CD31CAFB             |
                                          