[Ilugc] Web application security audit

• From: vik@xxxxxxxxxxxxxxx (Vikas Tara)
• Date: Mon, 16 Mar 2015 15:01:13 +0000

On 16/03/15 04:08, Manokaran K wrote:

They work good for the application with no login or with HTTP

authentication.
But, our web applications have custom login form.

You shouldn?t have problems with either webscarab or w3af, both of these 
AFAIK support
you executing logins over http.

webscarab or any http proxy will grab the relevant information for you - 
you can then manipulate those values in order
to pen test your application.
http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/

The proprietary tools make this step a bit more point and click, but 
essentially do the same thing.

HTH


Vik

-- 
Founder - Hamara Linux
www.hamaralinux.org
www.twitter.com/hamaralinux

• Follow-Ups:
  • [Ilugc] Web application security audit
    • From: Vikas Tara

• References:
  • [Ilugc] Web application security audit
    • From: Shrinivasan T
  • [Ilugc] Web application security audit
    • From: Manokaran K

Other related posts:

• » [Ilugc] Web application security audit- Shrinivasan T
• » [Ilugc] Web application security audit- S Suresh
• » [Ilugc] Web application security audit- Manokaran K
• » [Ilugc] Web application security audit- hafizul azeez
• » [Ilugc] Web application security audit- Shakthi Kannan
• » [Ilugc] Web application security audit- hafizul azeez
• » [Ilugc] Web application security audit - Vikas Tara
• » [Ilugc] Web application security audit- Vikas Tara

1. Home
2. ilugc
3. Archive
4. 03-2015

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---