
You Don’t Need the Ultimate Pen-testing Framework!

You’ve already got it! It is sitting on your PC and it is called the shell. The shell was designed to start, stop and control processes with ease, so why do we need yet another universal pen-testing framework that does what another tool is already doing for us, and which comes by default? In this post we are going to delve into the world of advanced shell programming for penetration testing purposes.

The shell is the de facto interface to your operating system. [...]

posted by pdp

The WebAcid Experiment

Those of you who frequently use our tools on secapps.com are probably aware of the existence of a brand new application called WebAcid. This post is all about the WebAcid framework and what my plans and hopes for this project are.

I have to say that the market is already saturated with web application security testing frameworks. We’ve got nikto, jikto, burp, paros proxy, rat proxy, w3af, Metasploit’s wmap, a bunch of commercial tools and tons of browser extensions. [...]

posted by pdp

We don’t need NASL – OpenVAS

For those of you who are new to these things, NASL stands for Nessus Attack Scripting Language. NASL is part of the closed-source Nessus vulnerability scanner and its open-source form called OpenVAS (Open Vulnerability Assessment System).

Nessus plays a big part in the hearts of many administrators, security consultants and scanning vendors. Nessus was practically the first stable and well-maintained open-source security scanner until they closed the source.

So, what about NASL? [...]

posted by pdp

h4ck (hacked in 5 minutes)

I don’t want to brag about it but this project was slashed in 5 minutes and this is not due to some amazing tech wizardry. It is mainly due to the powerful Java development platform and the tons of development information resources Java coders have on their hands. I just made use of them. This morning I had some thoughts around the Metasploit and w3af projects and how the GNUCITIZEN team can contribute some modules to make both of them even more powerful. [...]

posted by pdp
