Saturday, February 7, 2015

The Practice of Web Application Penetration Testing


How to build a web security penetration testing environment?
How to use a brute force tool?
How to test for SQL Injection?
How to test for XSS?

Please refer to:

The Practice of Web Application Penetration Testing (pdf 1.0MB)


The Practice of Web Application Penetration Testing Online


WebCruiser Web Vulnerability Scanner 3.2.1 for Windows

WebCruiser – Web Vulnerability Scanner is a compact but powerful web security scanning tool. It has a Crawler and a Vulnerability Scanner (SQL Injection, Cross Site Scripting, etc.).
It supports scanning websites as well as POC (proof of concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, Local File Inclusion, Remote File Inclusion, Redirect, etc.
The most distinctive feature of WebCruiser compared with other web vulnerability scanners is that it focuses on high-risk vulnerabilities, and it can scan a designated vulnerability type, a designated URL, or a designated page separately, while the others usually will not.

V3.2.1 new features: Scan Log available, and bug fix.
V3.1.0 new features:
Support for scanning LFI (Local File Inclusion), RFI (Remote File Inclusion), Redirect, etc.
Important bug fix for HTTP request timeout.
Test report available:
WebCruiser Web Vulnerability Scanner Test Report (0.7MB)
Key Features:
* Crawler (Site Directories and Files).
* Vulnerability Scanner: SQL Injection, Cross Site Scripting, LFI, RFI, Redirect etc.
* WAVSEP v1.5 SQL Injection & XSS test cases 100% covered.
* SQL Injection POC Tool: GET/POST/Cookie Injection POC (Proof of Concept).
* SQL Injection for SQL Server: PlainText/Union/Blind Injection.
* SQL Injection for MySQL: PlainText/Union/Blind Injection.
* SQL Injection for Oracle: PlainText/Union/Blind/CrossSite Injection.
* SQL Injection for DB2: Union/Blind Injection.
* SQL Injection for Access: Union/Blind Injection.
* POC Tool for XSS, LFI, RFI, Redirect etc.
* Resend Tool.
* Bruter Tool.
* Cookie Tool.
WebCruiser Web Vulnerability Scanner for Windows User Guide V3.1 (1.8MB)


Friday, November 1, 2013

WebCruiser Web Vulnerability Scanner for Mac OS X

WebCruiser Web Vulnerability Scanner is an effective web penetration testing tool that will aid you in auditing your website. It has a Vulnerability Scanner and an HTTP request resend tool.
Features:
1. Web Vulnerability Scanner, including SQL Injection and Cross Site Scripting.
2. Web Security Tools, including GET/POST Resend Tool and Cookie Tool.


WebCruiser Web Vulnerability Scanner for Mac OS X 10.7+ is now available on Mac App Store




Saturday, July 7, 2012

WebCruiser Web Vulnerability Scanner for iPhone & iPad


Requirements: Jailbroken iOS 5.0+
Download link: Search for "WebCruiser" using the Cydia application on your iPhone or iPad. Description: http://moreinfo.thebigboss.org/moreinfo/depiction.php?file=webcruiserDp
WebCruiser Web Vulnerability Scanner for iOS is an effective and convenient web penetration testing tool that will aid you in auditing your website.
WebCruiser can currently find the following web vulnerabilities:
* GET SQL Injection (Int, String, Search)
* POST SQL Injection (Int, String, Search)
* Cross Site Scripting (XSS)
The iOS edition does not provide vulnerability exploitation functions; if you need Proof of Concept, please get a PC edition.
Web Vulnerabilities Demo Site: http://vulnweb.janusec.com/
All Rights Reserved by Janusec
Web: http://www.janusec.com/
Twitter: http://twitter.com/janusec



Tuesday, August 9, 2011

HTTP Sniffer for iPhone and iPad Screenshots


HTTP Sniffer for iPhone and iPad

HTTP Sniffer for iPhone & iPad is a manual web security testing tool that captures HTTP requests, including request headers and POST data; you can modify a request and then resend it.
You can get the response headers and source code only, or load the response in a web browser.

Notice:
1. Using HTTP Sniffer requires a network connection; a Wi-Fi network is preferred.
2. HTTP Sniffer will not capture the requests of other applications; it captures only its own requests.
3. HTTP Sniffer is designed for web security professionals only, for use in web security penetration testing, such as SQL Injection, Cross-site Scripting (XSS), etc.

Key features:
1. HTTP (GET, POST, etc.) Sniffer;
2. HTTP request replay (resend);
3. HTTPS support.



App Store:
http://itunes.apple.com/us/app/http-sniffer/id451037645?ls=1&mt=8

Thursday, July 8, 2010

Which is the most effective Web Vulnerability Scanner?

Hackers can obtain plenty of sensitive data through web application vulnerabilities, up to the whole database, including customers' details and corporate data.
Defenses at the network layer provide no guarantee of protection against web attacks, since these are launched over the usual ports 80 or 443, which have to remain open. In addition, web application security auditing is often done from the developer's perspective, checking the source code for possible security issues. This is called "White-Box Testing", and it can leave gaps in the application's security.

To create a secure web application, you need to combine the developer's approach with the hacker's approach: checking for security issues after the code leaves the development environment, which is called "Black-Box Testing". To provide continuous protection for your web application, this task needs to be done automatically and regularly, as is provided by WebCruiser – Web Vulnerability Scanner.
WebCruiser – Web Vulnerability Scanner lets you view your web application security problems from the hacker's perspective – it doesn't check the code, but can tell how one could circumvent your application's security by SQL Injection, Cross Site Scripting etc.

To perform a scan, you simply input the URL and click "Scan Site" to scan the whole website, or click "Scan URL" to scan a single page. WebCruiser can also launch a multi-site scan based on entries in a file.

The scanner comes with many built-in scanning tests, such as SQL Injection, Cross Site Scripting and more. The default option performs all tests. However, to speed up the scanning process, you can run only particular tests.

WebCruiser – Web Vulnerability Scanner is the most effective tool to audit your web application. WebCruiser focuses its attention on the web application and provides you with information on security issues that hackers can exploit. So, whether you are a web application developer or a security auditor, WebCruiser – Web Vulnerability Scanner is an essential tool to ensure the security of your web application. Download a copy of WebCruiser – Web Vulnerability Scanner.