Shrini,

Your requirement will be satisfied by a dynamic analyzer - try HP
WebInspect. It's not open source though.
You can download an evaluation version - for 14 days, I guess - and try
running it. You give the login credentials in the tool and the tool will
crawl the web pages and will try to exploit the application using known
hacking techniques. It will basically check for OWASP Top Ten
vulnerabilities and the like.

Hope it helps!

Thanks
Azeez


On 16 March 2015 at 09:38, Manokaran K <manoka...@gmail.com> wrote:

> One approach would be to make a list of all server requests (ajax and
> non-ajax) that are accessible only to authenticated users and then access
> them without being logged in using the browser console or curl. Sometimes
> the frontend scripts could be the only layer that is enforcing some
> (pseudo) control while the backend could be leaking information. The above
> can catch such gaps.
>
> Cheers,
> mano
>
> On Mon, Mar 16, 2015 at 6:36 AM Shrinivasan T <tshriniva...@gmail.com>
> wrote:
>
> > Friends,
> >
> > I am trying to audit the web application we create.
> >
> > Exploring the tools mentioned in
> > http://resources.infosecinstitute.com/14-popular-web-application-vulnerability-scanners/
> >
> > They work well for applications with no login or with HTTP
> > authentication.
> > But our web applications have a custom login form.
> >
> > How to audit the web applications behind the login form?
> >
> > Please share the info about the tools you use.
> >
> > Thanks.
> >
> >
> >
> > --
> > Regards,
> > T.Shrinivasan
> >
> >
> > My Life with GNU/Linux : http://goinggnu.wordpress.com
> > Free E-Magazine on Free Open Source Software in Tamil : http://kaniyam.com
> >
> > Get CollabNet Subversion Edge :     http://www.collab.net/svnedge
> > _______________________________________________
> > ILUGC Mailing List:
> > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
> > ILUGC Mailing List Guidelines:
> > http://ilugc.in/mailinglist-guidelines
> >

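The check Manokaran describes in the quoted reply (request every authenticated-only URL without a session and see what the backend returns), as an added example that is not part of the original thread. `check_unauthenticated`, `LOGIN_PATH`, the paths and the `DemoApp` backend are hypothetical names constructed for illustration; for your own application, pass its base URL and the request list you collected.

```python
import threading
from http.client import HTTPConnection, HTTPSConnection
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

LOGIN_PATH = "/login"  # assumption: where the app sends anonymous users

def check_unauthenticated(base_url, paths, login_path=LOGIN_PATH):
    """GET each path with no cookies or credentials; return {path: verdict}."""
    target = urlsplit(base_url)
    make_conn = HTTPSConnection if target.scheme == "https" else HTTPConnection
    results = {}
    for path in paths:
        conn = make_conn(target.hostname, target.port, timeout=5)
        conn.request("GET", path)  # http.client does not follow redirects
        resp = conn.getresponse()
        body, location = resp.read(), resp.getheader("Location", "")
        conn.close()
        to_login = resp.status // 100 == 3 and urlsplit(location).path == login_path
        if resp.status in (401, 403) or to_login:
            results[path] = "protected"
        elif 200 <= resp.status < 300 and body:
            results[path] = "exposed"  # backend answered without a session
        else:
            results[path] = "review"  # 404, 500, empty body: check by hand
    return results

class DemoApp(BaseHTTPRequestHandler):
    """Constructed sample backend: /api/orders is missing its session check."""
    def do_GET(self):
        if self.path == "/api/orders":
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b'[{"id": 1}]')
        else:
            self.send_response(302)
            self.send_header("Location", LOGIN_PATH)
            self.end_headers()

def run_demo():
    with HTTPServer(("127.0.0.1", 0), DemoApp) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            url = f"http://127.0.0.1:{server.server_port}"
            return check_unauthenticated(url, ["/api/orders", "/dashboard"])
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(run_demo())
```

A path reported as "exposed" is one where only the frontend was enforcing the login; "review" results still need a manual look, since some applications return 200 with an inline login page.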