[Ilugc] Web application security audit

• From: vik@xxxxxxxxxxxxxxx (Vikas Tara)
• Date: Mon, 16 Mar 2015 15:21:35 +0000

On 16/03/15 15:01, Vikas Tara wrote:

On 16/03/15 04:08, Manokaran K wrote:

They work good for the application with no login or with HTTP

authentication.
But, our web applications have custom login form.

You shouldn?t have problems with either webscarab or w3af, both of these
AFAIK support
you executing logins over http.

webscarab or any http proxy will grab the relevant information for you -
you can then manipulate those values in order
to pen test your application.
http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/

The proprietary tools make this step a bit more point and click, but
essentially do the same thing.

Although this looks interesting and suggested it can perform dynamic scans
http://www.arachni-scanner.com/

-- 
Founder - Hamara Linux
www.hamaralinux.org
www.twitter.com/hamaralinux

• References:
  • [Ilugc] Web application security audit
    • From: Shrinivasan T
  • [Ilugc] Web application security audit
    • From: Manokaran K
  • [Ilugc] Web application security audit
    • From: Vikas Tara

Other related posts:

• » [Ilugc] Web application security audit- Shrinivasan T
• » [Ilugc] Web application security audit- S Suresh
• » [Ilugc] Web application security audit- Manokaran K
• » [Ilugc] Web application security audit- hafizul azeez
• » [Ilugc] Web application security audit- Shakthi Kannan
• » [Ilugc] Web application security audit- hafizul azeez
• » [Ilugc] Web application security audit- Vikas Tara
• » [Ilugc] Web application security audit - Vikas Tara

1. Home
2. ilugc
3. Archive
4. 03-2015

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---