websecurity@lists.webappsec.org

The Web Security Mailing List


PROJECT - competition landscape for APPSEC

maanav
Sun, May 26, 2013 8:22 AM

Hi

My 2 cents:-

  1. Get a confirmation from your company about this certification (that
    it will add value to your present career in the firm), as usually people go
    for other certs (as this is a very basic one, and probably your money could
    be better invested somewhere else, unless your company is paying for it)
    like C|EH, CISSP, CISA, OSCP, etc.

  2. Also, speak to your manager about the impact of all certifications, and
    then choose whichever one makes the bigger impact; IMHO, that's what certs do,
    they elevate your resume;

  3. Technically speaking, I've found that asking questions on forums like
    null, stackoverflow and the like, coupled with a lot of homework, works better
    than any cert in improving the security knowledge.

Regards
Maanav

-----Original Message-----
From: websecurity [mailto:websecurity-bounces@lists.webappsec.org] On Behalf
Of Muruganandam C
Sent: Friday, May 24, 2013 2:05 PM
To: daryl d
Cc: webappsec@securityfocus.com; pen-test@securityfocus.com; web security
Subject: [WEB SECURITY] Security+ cert info required

Hi,

I would like to know about the Security+ certification. Has anyone completed
it recently? How was the exam and the time required for preparation?

Thanks
Muruganandam


The Web Security Mailing List

WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss

Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates

websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org

Andreas Schmidt
Fri, Jun 7, 2013 1:56 PM

Hi,

you may also want to try WATOBO - THE Web Application Toolbox.

WATOBO is a security tool for web applications. It is intended to enable
security professionals to perform efficient (semi-automated) web
application security audits.

Most important features:

  • WATOBO has Session Management capabilities! You can define login
    scripts as well as logout signatures. So you don't have to login
    manually each time you get logged out.
  • WATOBO can act as a transparent proxy (requires nfqueue)
  • WATOBO can perform vulnerability checks out of the box
  • WATOBO can perform checks on functions which are protected by
    Anti-CSRF-/One-Time-Tokens
  • WATOBO supports Inline De-/Encoding, so you don't have to copy strings
    to a transcoder and back again. Just do it inside the request/response
    window with a simple mouse click.
  • WATOBO has smart filter functions, so you can find and navigate to the
    most interesting parts of the application easily.
  • WATOBO is written in (FX)Ruby and enables you to easily define your
    own checks
  • WATOBO runs on Windows, Linux, MacOS ... every OS supporting (FX)Ruby
  • WATOBO is free software (licensed under the GNU General Public
    License Version 2)

Check out the online documentation and video tutorials at
http://watobo.sourceforge.net

regards,

andy (author of watobo ;)

On 25.05.2013 00:13, Rohit Pitke wrote:

Additionally, you can use Ratproxy and skipfish.
If you are concerned about individual vulnerabilities, I would suggest
sqlmap (for SQL injection), XSSRay (for XSS), Nikto (Directory Access)


From: Seba <seba@owasp.org>
To: Muruganandam C <muruganandam.c@gmail.com>
Cc: webappsec@securityfocus.com; pen-test@securityfocus.com; web
security <websecurity@webappsec.org>
Sent: Wednesday, May 22, 2013 11:48 PM
Subject: Re: [WEB SECURITY] Need an Opensource tool for application
scanning

Hi Muruganandam,

OWASP Zed Attack Proxy Project is the perfect tool for you.
It has automated scanners as well as a set of tools that allow you to
find security vulnerabilities manually.

more info & download
on https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

regards

Seba

On Thu, May 23, 2013 at 8:35 AM, Muruganandam C
<muruganandam.c@gmail.com> wrote:

 Hi All,

 Could you please let me know about an application vulnerability
 scanning tool.

 Thanks
 Muruganandam


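The two WATOBO features above that matter most for audit coverage, a login script plus a logout signature, and checks on functions guarded by anti-CSRF/one-time tokens, describe a mechanism without showing it. The following Ruby harness is an added example and is not WATOBO's code or its check API: it shows the mechanism in a self-contained form. The `FakeApp` (an in-memory application that expires sessions after a few requests and binds a hidden `csrf` token to the session that issued it), the `audit`/`audit-pw` credentials, the `/login` and `/transfer` paths and the "Please log in" logout signature are all constructed for the illustration.

```ruby
require 'securerandom'

# Constructed stand-in for an application under audit. Sessions expire after a
# fixed number of requests, and POST /transfer only succeeds with the hidden
# CSRF token issued by the most recent GET /transfer in the same session.
class FakeApp
  Response = Struct.new(:status, :body, :cookie)

  def initialize(session_ttl: 3)
    @session_ttl = session_ttl
    @sessions = {} # session id => requests left before it expires
    @tokens   = {} # session id => outstanding CSRF token
  end

  def request(method, path, cookie: nil, params: {})
    if method == :post && path == '/login'
      return Response.new(401, 'bad credentials', nil) unless params[:user] == 'audit' && params[:pass] == 'audit-pw'
      sid = SecureRandom.hex(8)
      @sessions[sid] = @session_ttl
      return Response.new(200, 'Welcome, audit', sid)
    end
    # Expired or unknown session: the body carries the logout signature.
    return Response.new(200, 'Please log in to continue', nil) unless @sessions.fetch(cookie, 0) > 0
    @sessions[cookie] -= 1
    case [method, path]
    when [:get, '/transfer']
      @tokens[cookie] = SecureRandom.hex(8)
      Response.new(200, %(<form><input type="hidden" name="csrf" value="#{@tokens[cookie]}"></form>), cookie)
    when [:post, '/transfer']
      ok = params[:csrf] && params[:csrf] == @tokens.delete(cookie)
      ok ? Response.new(200, 'transfer ok', cookie) : Response.new(403, 'csrf check failed', cookie)
    else
      Response.new(404, 'not found', cookie)
    end
  end
end

# The harness: a login script (any callable returning a session cookie), a
# logout signature (a regexp over response bodies) and transparent re-login.
class SessionManager
  attr_reader :logins

  def initialize(app, login_script:, logout_signature:)
    @app = app
    @login = login_script
    @logout_re = logout_signature
    @cookie = nil
    @logins = 0
    @relogged = false
  end

  def login!
    @cookie = @login.call(@app)
    raise 'login script failed' unless @cookie
    @logins += 1
  end

  # Send one request. If the body matches the logout signature, run the login
  # script again and replay the request once with the fresh session.
  def request(method, path, params: {})
    @relogged = false
    login! if @cookie.nil?
    resp = @app.request(method, path, cookie: @cookie, params: params)
    if @logout_re.match?(resp.body)
      login!
      @relogged = true
      resp = @app.request(method, path, cookie: @cookie, params: params)
    end
    resp
  end

  # Exercise a token-protected function: fetch the form, pull out the hidden
  # token, submit it with the parameters. A token is bound to the session that
  # issued it, so if the session expired on the POST the replayed request
  # carried a stale token; in that case fetch a fresh one and submit once more.
  def submit_with_token(form_path, action_path, params, token_field: 'csrf')
    2.times do
      form = request(:get, form_path)
      token = form.body[/name="#{token_field}" value="([^"]+)"/, 1]
      raise "no #{token_field} token found at #{form_path}" unless token
      resp = request(:post, action_path, params: params.merge(token_field.to_sym => token))
      return resp unless @relogged
    end
    raise "#{action_path} kept failing across a re-login"
  end
end

# Drive several token-protected submissions through session expiries and report
# the status codes and the number of automatic logins that were needed.
def run_audit(rounds: 4, session_ttl: 3)
  app = FakeApp.new(session_ttl: session_ttl)
  login = ->(a) { a.request(:post, '/login', params: { user: 'audit', pass: 'audit-pw' }).cookie }
  sm = SessionManager.new(app, login_script: login, logout_signature: /please log in/i)
  statuses = Array.new(rounds) { sm.submit_with_token('/transfer', '/transfer', { amount: 1 }).status }
  { statuses: statuses, logins: sm.logins }
end

puts run_audit.inspect if $PROGRAM_NAME == __FILE__
```

The design point worth taking from this is the one the feature list only hints at: replaying a request after re-login is not enough when the function is token-protected, because the token belongs to the session that has just died. A harness that re-logs in and blindly replays will report a 403 from the application's CSRF check and miss the function entirely; re-fetching the token after any re-login keeps the protected function within the audit's coverage.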
firebits
Fri, Jun 7, 2013 7:21 PM

Hi,

you may also want to try WATOBO - THE Web Application Toolbox.

WATOBO is a security tool for web applications. It is intended to enable
security professionals to perform efficient (semi-automated) web
application security audits.

Most important features:

  • WATOBO has Session Management capabilities! You can define login scripts
    as well as logout signatures. So you don’t have to login manually each time
    you get logged out.
  • WATOBO can act as a transparent proxy (requires nfqueue)
  • WATOBO can perform vulnerability checks out of the box
  • WATOBO can perform checks on functions which are protected by
    Anti-CSRF-/One-Time-Tokens
  • WATOBO supports Inline De-/Encoding, so you don’t have to copy strings
    to a transcoder and back again. Just do it inside the request/response
    window with a simple mouse click.
  • WATOBO has smart filter functions, so you can find and navigate to the
    most interesting parts of the application easily.
  • WATOBO is written in (FX)Ruby and enables you to easily define your own
    checks
  • WATOBO runs on Windows, Linux, MacOS ... every OS supporting (FX)Ruby
  • WATOBO is free software (licensed under the GNU General Public License
    Version 2)

Check out the online documentation and video tutorials at
http://watobo.sourceforge.net

regards,

andy (author of watobo ;)

On 25.05.2013 00:13, Rohit Pitke wrote:

Additionally, you can use Ratproxy and skipfish.
If you are concerned about individual vulnerabilities, I would suggest
sqlmap (for SQL injection), XSSRay (for XSS), Nikto (Directory Access)


From: Seba <seba@owasp.org>
To: Muruganandam C <muruganandam.c@gmail.com>
Cc: webappsec@securityfocus.com; pen-test@securityfocus.com; web
security <websecurity@webappsec.org>
Sent: Wednesday, May 22, 2013 11:48 PM
Subject: Re: [WEB SECURITY] Need an Opensource tool for application
scanning

Hi Muruganandam,

OWASP Zed Attack Proxy Project is the perfect tool for you.
It has automated scanners as well as a set of tools that allow you to find
security vulnerabilities manually.

more info & download on
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

regards

Seba

On Thu, May 23, 2013 at 8:35 AM, Muruganandam C <muruganandam.c@gmail.com> wrote:

Hi All,

Could you please let me know about an application vulnerability scanning tool.

Thanks
Muruganandam



My fork skyfallsec
https://bitbucket.org/skyfallsec

Slides
http://www.slideshare.net/firebits/skyfall-b-sidesc00led5sp2013

@firebitsbr
David Mirza Ahmad
Fri, Jun 7, 2013 11:09 PM

Hi all,

I recommend you try our tool, Vega. It has fully automated (crawler)
and semi-automated proxy scanning. We've been actively improving it.
Vega is written in Java and runs on OS X, Linux, Windows.

You can download it at http://www.subgraph.com and it is included with
Kali Linux.

The source is on github @ http://github.com/subgraph/Vega. The license
is EPL 1.0.

There is a presentation in this blog post that walks through some of the
features:

http://keystream.subgraph.com/2013/02/22/northsec-confoo-and-the-vega-1-0-release/

On 06/07/2013 03:21 PM, firebits wrote:

--
David Mirza Ahmad
dma@subgraph.com | @attractr
Subgraph | @subgraph
Vega, the Open Source Web Security Platform
http://www.subgraph.com

78A1 CCFD 1C60 4BA7 5E1C C1F2 42D7 08C0 2520 8C7B
