Hi
My 2 cents:-
Get a confirmation from your company about the this certification (that
it will add value to your present career in the firm), as usually people go
for other certs (as this is a very basic one, and probably your money could
be better invested somewhere else, unless your company is paying for it)
like C|EH, CISSP, CISA, OSCP, etc.
Also, speak to your manager about the impact of all certifications, and
then choose whichever one makes bigger impact; IMHO, that's what certs do,
they elevate your resume;
Technically speaking, I've found that asking questions on forums like
null, stackoverflow and likes, coupled with lot of homeworks, works better
than any cert in improving the security knowledge.
Regards
Maanav
-----Original Message-----
From: websecurity [mailto:websecurity-bounces@lists.webappsec.org] On Behalf
Of Muruganandam C
Sent: Friday, May 24, 2013 2:05 PM
To: daryl d
Cc: webappsec@securityfocus.com; pen-test@securityfocus.com; web security
Subject: [WEB SECURITY] Security+ cert info reuired
Hi,
I would like to know about the certification security+. Has anyone completed
recently. how was the exam and time required for prepration.
Thanks
Muruganandam
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
Hi,
you may also want to try WATOBO - THE Web Application Toolbox.
WATOBO is a security tool for web applications. It is intended to enable
security professionals to perform efficient (semi-automated) web
application security audits.
Most important features:
Check out the online documentation and video tutorials at
http://watobo.sourceforge.net
regards,
andy (author of watobo ;)
Am 25.05.2013 00:13, schrieb Rohit Pitke:
Additionally, you can use Ratproxy and skipfish.
If you are concerned about individual vulnerabilities, I would suggest
sqlmap (for SQL injection), XSSRay (for XSS), Nikto (Directory Access)
From: Seba seba@owasp.org
To: Muruganandam C muruganandam.c@gmail.com
Cc: webappsec@securityfocus.com; pen-test@securityfocus.com; web
security websecurity@webappsec.org
Sent: Wednesday, May 22, 2013 11:48 PM
Subject: Re: [WEB SECURITY] Need a Opensource tool for application
scanning
Hi Muruganandam,
OWASP Zed Attack Proxy Project is the perfect tool for you.
It has automated scanners as well as a set of tools that allow you to
find security vulnerabilities manually.
more info & download
on https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
regards
Seba
On Thu, May 23, 2013 at 8:35 AM, Muruganandam C
<muruganandam.c@gmail.com mailto:muruganandam.c@gmail.com> wrote:
Hi All,
could you please let me know about application vulnerability
scanning tool.
Thanks
Muruganandam
_______________________________________________
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
<mailto:websecurity@lists.webappsec.org>
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org mailto:websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
My fork skyfallsec
https://bitbucket.org/skyfallsec
Slides
http://www.slideshare.net/firebits/skyfall-b-sidesc00led5sp2013
@firebitsbr
2013/6/7 Andreas Schmidt webappsec@siberas.de
Hi,
you may also want to try WATOBO - THE Web Application Toolbox.
WATOBO is a security tool for web applications. It is intended to enable
security professionals to perform efficient (semi-automated) web
application security audits.
Most important features:
Check out the online documentation and video tutorials at
http://watobo.sourceforge.net
regards,
andy (author of watobo ;)
Am 25.05.2013 00:13, schrieb Rohit Pitke:
Additionally, you can use Ratproxy and skipfish.
If you are concerned about individual vulnerabilities, I would suggest
sqlmap (for SQL injection), XSSRay (for XSS), Nikto (Directory Access)
From: Seba seba@owasp.org seba@owasp.org
To: Muruganandam C muruganandam.c@gmail.com muruganandam.c@gmail.com
Cc: webappsec@securityfocus.com; pen-test@securityfocus.com; web
security websecurity@webappsec.org websecurity@webappsec.org
Sent: Wednesday, May 22, 2013 11:48 PM
Subject: Re: [WEB SECURITY] Need a Opensource tool for application
scanning
Hi Muruganandam,
OWASP Zed Attack Proxy Project is the perfect tool for you.
It has automated scanners as well as a set of tools that allow you to find
security vulnerabilities manually.
more info & download on
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
regards
Seba
On Thu, May 23, 2013 at 8:35 AM, Muruganandam C muruganandam.c@gmail.comwrote:
Hi All,
could you please let me know about application vulnerability scanning tool.
Thanks
Muruganandam
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
The Web Security Mailing List
WebSecurity RSS Feedhttp://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitterhttp://twitter.com/wascupdates
websecurity@lists.webappsec.orghttp://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
Hi all,
I recommend you try our tool, Vega. It has a fully automated (crawler)
and semi-automated proxy scanning. We've been actively improving it.
Vega is written in Java and runs on OS X, Linux, Windows.
You can download it at http://www.subgraph.com and it is included with
Kali Linux.
The source is on github @ http://github.com/subgraph/Vega. The license
is EPL 1.0.
There is a presentation in this blog post that walks through some of the
features:
http://keystream.subgraph.com/2013/02/22/northsec-confoo-and-the-vega-1-0-release/
On 06/07/2013 03:21 PM, firebits wrote:
My fork skyfallsec
https://bitbucket.org/skyfallsec
Slides
http://www.slideshare.net/firebits/skyfall-b-sidesc00led5sp2013
@firebitsbr
--
David Mirza Ahmad
dma@subgraph.com | @attractr
Subgraph | @subgraph
Vega, the Open Source Web Security Platform
http://www.subgraph.com
78A1 CCFD 1C60 4BA7 5E1C C1F2 42D7 08C0 2520 8C7B