Re: [Owasp-delhi] Tools for Web Server V A

2010-03-25 Thread vishal
Can anyone suggest to us how to resolve the cross-site scripting issue?




  - Original Message - 
  From: Bhasker C 
  To: suresh tiwary 
  Cc: owasp-delhi@lists.owasp.org 
  Sent: Wednesday, March 24, 2010 10:12 AM
  Subject: Re: [Owasp-delhi] Tools for Web Server V A


  Hi All,

  I have one question.

  There are different browsers we use in our system; is there any tool for all 
cookies detections/lists? How can we get a combined list of all cookies?

  Regards,
  Bhasker Chaurasia


  On Wed, Feb 17, 2010 at 11:40 AM, suresh tiwary wrote:

Issue: Tools for web server V A for IIS, Apache etc ?

Dear OWASP Delhi,

Can anyone provide complete and comprehensive information, sites of web 
server vulnerability assessment by manual method and by automated tools.

1. What are the free tools / open source tools actually and 
practically used for web serv V A ?

2. What are the commercial tools used for automated web server V A ?

3. How a manual web server v a is conducted ? Any checklist and the 
practical process.

4. People can share their web server v a experience.

Thanks & regards,
Suresh
 

___
Owasp-delhi mailing list
Owasp-delhi@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-delhi








Re: [Owasp-delhi] Tools for Web Server V A

2010-03-23 Thread Bhasker C
Hi All,

I have one question.

There are different browsers we use in our system; is there any tool for all
cookies detections/lists? How can we get a combined list of all cookies?

Regards,
Bhasker Chaurasia

On Wed, Feb 17, 2010 at 11:40 AM, suresh tiwary  wrote:

> Issue: Tools for web server V A for IIS, Apache etc ?
>
> Dear OWASP Delhi,
>
> Can anyone provide complete and comprehensive information, sites of web
> server vulnerability assessment by manual method and by automated tools.
>
> 1. What are the free tools / open source tools actually and
> practically used for web serv V A ?
>
> 2. What are the commercial tools used for automated web server V A ?
>
> 3. How a manual web server v a is conducted ? Any checklist and the
> practical process.
>
> 4. People can share their web server v a experience.
>
> Thanks & regards,
> Suresh
>
> 


Re: [Owasp-delhi] Tools for Web Server V A

2010-02-22 Thread Nipun Gupta
Dear all,

I think Nessus is the best tool available for web server VA yet. You can also
use Bastille templates for OS (Unix type) hardening. Nessus is tried and
tested, plus it is patched regularly.

Thank you and I hope that helps,

Nipun Gupta
MSIT-Information Security
Carnegie Mellon University


From: owasp-delhi-boun...@lists.owasp.org
[mailto:owasp-delhi-boun...@lists.owasp.org] On Behalf Of Munish Seth
Sent: Monday, February 22, 2010 12:47 AM
To: Neelu Tripathy; suresh tiwary
Cc: owasp-delhi@lists.owasp.org
Subject: Re: [Owasp-delhi] Tools for Web Server V A

 

Hi,

There is one more opensource tool available which keeps on getting free
feeds.

Regards,

Munish

 

From: owasp-delhi-boun...@lists.owasp.org
[mailto:owasp-delhi-boun...@lists.owasp.org] On Behalf Of Neelu Tripathy
Sent: Friday, February 19, 2010 10:28 AM
To: suresh tiwary
Cc: owasp-delhi@lists.owasp.org
Subject: Re: [Owasp-delhi] Tools for Web Server V A

 


Hi , 

  Yes, NESSUS can be used for web server VA. It is recommended to use
the professional feeds, though. Besides you can fine tune your tests for IIS
in NESSUS. 


Regards,
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services
Mailto: neelu.tripa...@tcs.com
Website: http://www.tcs.com

Experience certainty.   IT Services
Business Solutions
Outsourcing

From: "suresh tiwary"
Date: 02/18/2010 05:50 PM
Subject: [Owasp-delhi] Tools for Web Server V A


Dear OWASP Delhi,

Thank you all for the good information, but I am still confused whether
"NESSUS" is a web server vulnerability assessment tool or a Network
Assessment tool.

Please suggest.

The situation is: I have to perform the V.A of IIS using a tool. So how do I
start: use NESSUS and proceed, or use any commercial tool? If commercial
tool, then which is the widely accepted commercial tool? An organization can't
have multiple commercial tools, so suggest a few commercial tools that can
perform web server V.A.

Also any checklist for IIS V.A ? 

Thanks & regards,
Suresh

Note: Forwarded message attached

-- Original Message --

From: "Vinodh Kiran S" vinodh.ki...@teaqtech.com
To: sureshtiw...@rediffmail.com
Cc: neelu.tripa...@tcs.com, ra.shrivastav...@gmail.com
Subject: FW: [Owasp-delhi] Tools for Web Server V A 





- Message from "Vinodh Kiran S" on Unknown -

Subject: FW: [Owasp-delhi] Tools for Web Server V A


Dear Suresh, 
  
In continuation of the below recommendations from Rahul and Neelu, I just
wanted to let you know that we represent Core Security (Providers of Core
Impact), here in India.  The attached datasheet will give you a quick
overview. I would like to know your thoughts on this. Please do contact me
for any further assistance. 
  
Good Day! 
  
Regards, 
  
Vinodh Kiran S |Sr. Manager - ECM | Cell: +91 (0) 9900247424 
  


  
Teaq Technologies Pvt. Ltd. 
#320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA |Telefax: +91 (80)
4161 2610 
  
  
  
From: owasp-delhi-boun...@lists.owasp.org
[mailto:owasp-delhi-boun...@lists.owasp.org] On Behalf Of Neelu Tripathy
Sent: Wednesday, February 17, 2010 4:11 PM
To: suresh tiwary
Cc: owasp-delhi@lists.owasp.org; owasp-delhi-boun...@lists.owasp.org
Subject: Re: [Owasp-delhi] Tools for Web Server V A 
  

Hi Suresh, 

Apart from what Rahul suggested, you can also go for GFI LANguard or Core
Impact (both proprietary). For a better hands-on and/or manual assessment,
try using Metasploit (Opensource), though that might be more on the PT side.



Regards,
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services
Mailto: neelu.tripa...@tcs.com


From: "suresh tiwary"
Date: 02/17/2010 11:46 AM
Subject: [Owasp-delhi] Tools for Web Server V A
Sent by: owasp-delhi-boun...@lists.owasp.org





Issue: Tools for web server V A for IIS, Apache etc ?

Dear OWASP Delhi,

Can anyone provide complete and comprehensive information, sites of web
server vulnerability assessment by manual method and by automated tools.

1. What are the free tools / open source tools actually and 
practically used for web serv V A ?

2. What are the commercial tools used for automated web server V A ?

3. How a manual web server v a is conducted ? Any checklist and the 
practical process.

4. People can share their web server v a experience.

Thanks & regards,
Suresh 






Re: [Owasp-delhi] Tools for Web Server V A

2010-02-21 Thread Munish Seth
Hi,

There is one more opensource tool available which keeps on getting free
feeds.

Regards,

Munish

 

From: owasp-delhi-boun...@lists.owasp.org
[mailto:owasp-delhi-boun...@lists.owasp.org] On Behalf Of Neelu Tripathy
Sent: Friday, February 19, 2010 10:28 AM
To: suresh tiwary
Cc: owasp-delhi@lists.owasp.org
Subject: Re: [Owasp-delhi] Tools for Web Server V A

 


Hi , 

  Yes, NESSUS can be used for web server VA. It is recommended to
use the professional feeds, though. Besides you can fine tune your tests
for IIS in NESSUS. 


Regards,
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services
Mailto: neelu.tripa...@tcs.com
Website: http://www.tcs.com

Experience certainty.   IT Services
Business Solutions
Outsourcing

From: "suresh tiwary"
Date: 02/18/2010 05:50 PM
Subject: [Owasp-delhi] Tools for Web Server V A

 






Dear OWASP Delhi,

Thank you all for the good information, but I am still confused whether
"NESSUS" is a web server vulnerability assessment tool or a Network
Assessment tool.

Please suggest.

The situation is: I have to perform the V.A of IIS using a tool. So how
do I start: use NESSUS and proceed, or use any commercial tool? If
commercial tool, then which is the widely accepted commercial tool? An
organization can't have multiple commercial tools, so suggest a few
commercial tools that can perform web server V.A.

Also any checklist for IIS V.A ? 

Thanks & regards,
Suresh

Note: Forwarded message attached

-- Original Message --

From: "Vinodh Kiran S" vinodh.ki...@teaqtech.com
To: sureshtiw...@rediffmail.com
Cc: neelu.tripa...@tcs.com, ra.shrivastav...@gmail.com
Subject: FW: [Owasp-delhi] Tools for Web Server V A 





- Message from "Vinodh Kiran S" on Unknown -

Subject: FW: [Owasp-delhi] Tools for Web Server V A


Dear Suresh, 
  
In continuation of the below recommendations from Rahul and Neelu, I
just wanted to let you know that we represent Core Security (Providers
of Core Impact), here in India.  The attached datasheet will give you a
quick overview. I would like to know your thoughts on this. Please do
contact me for any further assistance. 
  
Good Day! 
  
Regards, 
  
Vinodh Kiran S |Sr. Manager - ECM | Cell: +91 (0) 9900247424 
  


  
Teaq Technologies Pvt. Ltd. 
#320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA |Telefax: +91
(80) 4161 2610 
  
  
  
From: owasp-delhi-boun...@lists.owasp.org
[mailto:owasp-delhi-boun...@lists.owasp.org] On Behalf Of Neelu Tripathy
Sent: Wednesday, February 17, 2010 4:11 PM
To: suresh tiwary
Cc: owasp-delhi@lists.owasp.org; owasp-delhi-boun...@lists.owasp.org
Subject: Re: [Owasp-delhi] Tools for Web Server V A 
  

Hi Suresh, 

Apart from what Rahul suggested, you can also go for GFI LANguard or
Core Impact (both proprietary). For a better hands-on and/or manual
assessment, try using Metasploit (Opensource), though that might be more
on the PT side.


Regards,
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services
Mailto: neelu.tripa...@tcs.com

From: "suresh tiwary"
Date: 02/17/2010 11:46 AM
Subject: [Owasp-delhi] Tools for Web Server V A
Sent by: owasp-delhi-boun...@lists.owasp.org


  

 







Issue: Tools for web server V A for IIS, Apache etc ?

Dear OWASP Delhi,

Can anyone provide complete and comprehensive information, sites of web
server vulnerability assessment by manual method and by automated tools.

1. What are the free tools / open source tools actually and 
practically used for web serv V A ?

2. What are the commercial tools used for automated web server V A ?

3. How a manual web server v a is conducted ? Any checklist and the 
practical process.

4. People can share their web server v a experience.

Thanks & regards,
Suresh 





  
 [attachment "CORE_IMPACT_Pro.pdf" 

Re: [Owasp-delhi] Tools for Web Server V A

2010-02-18 Thread Satyajit Das
Hi All,

A site which can assist:

http://www.vulnerabilityscanning.com/Web-Servers-Security.htm

regards,
satyajit


On 2/19/10, Neelu Tripathy  wrote:
>
>
> Hi ,
>
>   Yes, NESSUS can be used for web server VA. It is recommended to use
> the professional feeds, though. Besides you can fine tune your tests for IIS
> in NESSUS.
>
>
> Regards,
> Neelu Tripathy
> Security Analyst,  TEG
> Tata Consultancy Services
> Mailto: neelu.tripa...@tcs.com
> Website: http://www.tcs.com
> 
> Experience certainty.IT Services
>Business Solutions
>Outsourcing
> 
>
>
> From: "suresh tiwary"
> To: <owasp-delhi@lists.owasp.org>
> Cc: <ra.shrivastav...@gmail.com>, <vinodh.ki...@teaqtech.com>
> Date: 02/18/2010 05:50 PM
> Subject: [Owasp-delhi] Tools for Web Server V A
>
>
>
> Dear OWASP Delhi,
>
> Thank you all for the good information, but I am still confused whether
> "NESSUS" is a web server vulnerability assessment tool or a Network
> Assessment tool.
>
> Please suggest.
>
> The situation is: I have to perform the V.A of IIS using a tool. So how do
> I start: use NESSUS and proceed, or use any commercial tool? If commercial
> tool, then which is the widely accepted commercial tool? An organization can't
> have multiple commercial tools, so suggest a few commercial tools that can
> perform web server V.A.
>
> Also any checklist for IIS V.A ?
>
> Thanks & regards,
> Suresh
>
> Note: Forwarded message attached
>
> -- Original Message --
>
> From: "Vinodh Kiran S" vinodh.ki...@teaqtech.com
> To: sureshtiw...@rediffmail.com
> Cc: neelu.tripa...@tcs.com, ra.shrivastav...@gmail.com
> Subject: FW: [Owasp-delhi] Tools for Web Server V A  
>
> - Message from "Vinodh Kiran S" on Unknown -
> Subject: FW: [Owasp-delhi] Tools for Web Server V A
>
> Dear Suresh,
>
> In continuation of the below recommendations from Rahul and Neelu, I just
> wanted to let you know that we represent Core Security (Providers of Core
> Impact), here in India.  The attached datasheet will give you a quick
> overview. I would like to know your thoughts on this. Please do contact me
> for any further assistance.
>
> Good Day!
>
> Regards,
>
> Vinodh Kiran S |Sr. Manager – ECM | Cell: +91 (0) 9900247424
>
>
>
> * *
> *Teaq Technologies Pvt. Ltd.*
> #320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA |Telefax: +91 (80)
> 4161 2610
>
>
>
> From: owasp-delhi-boun...@lists.owasp.org
> [mailto:owasp-delhi-boun...@lists.owasp.org] On Behalf Of Neelu Tripathy
> Sent: Wednesday, February 17, 2010 4:11 PM
> To: suresh tiwary
> Cc: owasp-delhi@lists.owasp.org; owasp-delhi-boun...@lists.owasp.org
> Subject: Re: [Owasp-delhi] Tools for Web Server V A
>
>
> Hi Suresh,
>
> Apart from what Rahul suggested, you can also go for GFI LANguard or Core
> Impact (both proprietary). For a better hands-on and/or manual assessment,
> try using Metasploit (Opensource), though that might be more on the PT side.
>
>
> Regards,
> Neelu Tripathy
> Security Analyst,  TEG
> Tata Consultancy Services
> Mailto: neelu.tripa...@tcs.com
>
> From: "suresh tiwary"
> To: <owasp-delhi@lists.owasp.org>
> Date: 02/17/2010 11:46 AM
> Subject: [Owasp-delhi] Tools for Web Server V A
> Sent by: owasp-delhi-boun...@lists.owasp.org
>
>
>
> --
>
>
>
>
> Issue: Tools for web server V A for IIS, Apache etc ?
>
> Dear OWASP Delhi,
>
> Can anyone provide complete and comprehensive information, sites of web
> server vulnerability assessment by manual method and by automated tools.
>
> 1. What are the free tools / open source tools actually and
> practically used for web serv V A ?
>
> 2. What are the commercial tools used for automated web server V A ?
>
> 3. How a manual web server v a is conducted ? Any checklist and the
> practical process.
>
> 4. People can share their web server v a experience.
>
> Thanks & regards,
> Suresh
>
>
>

Re: [Owasp-delhi] Tools for Web Server V A

2010-02-18 Thread Neelu Tripathy
Hi ,

  Yes, NESSUS can be used for web server VA. It is recommended to use 
the professional feeds, though. Besides you can fine tune your tests for 
IIS in NESSUS.


Regards,
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services
Mailto: neelu.tripa...@tcs.com
Website: http://www.tcs.com

Experience certainty.   IT Services
Business Solutions
Outsourcing




From: "suresh tiwary"
Date: 02/18/2010 05:50 PM
Subject: [Owasp-delhi] Tools for Web Server V A



Dear OWASP Delhi,

Thank you all for the good information, but I am still confused whether 
"NESSUS" is a web server vulnerability assessment tool or a Network 
Assessment tool.

Please suggest. 

The situation is: I have to perform the V.A of IIS using a tool. So how do 
I start: use NESSUS and proceed, or use any commercial tool? If commercial 
tool, then which is the widely accepted commercial tool? An organization 
can't have multiple commercial tools, so suggest a few commercial tools that 
can perform web server V.A.

Also any checklist for IIS V.A ? 

Thanks & regards,
Suresh

Note: Forwarded message attached

-- Original Message --

From: "Vinodh Kiran S" vinodh.ki...@teaqtech.com
To: sureshtiw...@rediffmail.com
Cc: neelu.tripa...@tcs.com, ra.shrivastav...@gmail.com
Subject: FW: [Owasp-delhi] Tools for Web Server V A


- Message from "Vinodh Kiran S" on Unknown -
Subject: FW: [Owasp-delhi] Tools for Web Server V A

Dear Suresh,
 
In continuation of the below recommendations from Rahul and Neelu, I just 
wanted to let you know that we represent Core Security (Providers of Core 
Impact), here in India.  The attached datasheet will give you a quick 
overview. I would like to know your thoughts on this. Please do contact me 
for any further assistance.
 
Good Day!
 
Regards,
 
Vinodh Kiran S |Sr. Manager - ECM | Cell: +91 (0) 9900247424
 


 
Teaq Technologies Pvt. Ltd.
#320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA |Telefax: +91 (80) 
4161 2610 
 
 
 
From: owasp-delhi-boun...@lists.owasp.org
[mailto:owasp-delhi-boun...@lists.owasp.org] On Behalf Of Neelu Tripathy
Sent: Wednesday, February 17, 2010 4:11 PM
To: suresh tiwary
Cc: owasp-delhi@lists.owasp.org; owasp-delhi-boun...@lists.owasp.org
Subject: Re: [Owasp-delhi] Tools for Web Server V A
 

Hi Suresh, 

Apart from what Rahul suggested, you can also go for GFI LANguard or 
Core Impact (both proprietary). For a better hands-on and/or manual 
assessment, try using Metasploit (Opensource), though that might be more 
on the PT side. 


Regards,
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services
Mailto: neelu.tripa...@tcs.com


From: "suresh tiwary"
Date: 02/17/2010 11:46 AM
Subject: [Owasp-delhi] Tools for Web Server V A
Sent by: owasp-delhi-boun...@lists.owasp.org
 




Issue: Tools for web server V A for IIS, Apache etc ?

Dear OWASP Delhi,

Can anyone provide complete and comprehensive information, sites of web 
server vulnerability assessment by manual method and by automated tools.

1. What are the free tools / open source tools actually and 
practically used for web serv V A ?

2. What are the commercial tools used for automated web server V A ?

3. How a manual web server v a is conducted ? Any checklist and the 
practical process.

4. People can share their web server v a experience.

Thanks & regards,
Suresh 



 
 [attachment "CORE_IMPACT_Pro.pdf" deleted by Neelu Tripathy/TVM/TCS] 


Re: [Owasp-delhi] Tools for Web Server V A

2010-02-18 Thread Parthajit Panda
Nessus is a network or host vulnerability scanner. For application security 
scanning you will need a Web Application Security Vulnerability Scanner (WASVS) 
such as IBM Rational AppScan or HP Webinspect.

Regards
Parthajit

From: owasp-delhi-boun...@lists.owasp.org 
[mailto:owasp-delhi-boun...@lists.owasp.org] On Behalf Of Gautam Kapoor
Sent: Thursday, February 18, 2010 8:26 PM
To: suresh tiwary
Cc: shekhar.ar...@me.com; owasp-delhi@lists.owasp.org; vinodh.ki...@teaqtech.com
Subject: Re: [Owasp-delhi] Tools for Web Server V A

a good starting point would be

http://cirt.net/nikto2
windows based version
http://www.sensepost.com/research/wikto/

for IIS checklist you can start here.

http://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=98

Regards
Gautam
On 18 February 2010 17:39, suresh tiwary <sureshtiw...@rediffmail.com> wrote:
Dear OWASP Delhi,

Thank you all for the good information, but I am still confused whether 
"NESSUS" is a web server vulnerability assessment tool or a Network Assessment 
tool.

Please suggest.

The situation is: I have to perform the V.A of IIS using a tool. So how do I 
start: use NESSUS and proceed, or use any commercial tool? If commercial tool, 
then which is the widely accepted commercial tool? An organization can't have 
multiple commercial tools, so suggest a few commercial tools that can perform 
web server V.A.

Also any checklist for IIS V.A ?

Thanks & regards,
Suresh

Note: Forwarded message attached

-- Original Message --

From: "Vinodh Kiran S" vinodh.ki...@teaqtech.com
To: sureshtiw...@rediffmail.com
Cc: neelu.tripa...@tcs.com, ra.shrivastav...@gmail.com
Subject: FW: [Owasp-delhi] Tools for Web Server V A



-- Forwarded message --
From: "Vinodh Kiran S" <vinodh.ki...@teaqtech.com>
To: <sureshtiw...@rediffmail.com>
Date:
Subject: FW: [Owasp-delhi] Tools for Web Server V A
Dear Suresh,

In continuation of the below recommendations from Rahul and Neelu, I just 
wanted to let you know that we represent Core Security (Providers of Core 
Impact), here in India.  The attached datasheet will give you a quick overview. 
I would like to know your thoughts on this. Please do contact me for any 
further assistance.

Good Day!

Regards,

Vinodh Kiran S |Sr. Manager - ECM | Cell: +91 (0) 9900247424


Teaq Technologies Pvt. Ltd.
#320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA |Telefax: +91 (80) 4161 
2610



From: owasp-delhi-boun...@lists.owasp.org
[mailto:owasp-delhi-boun...@lists.owasp.org] On Behalf Of Neelu Tripathy
Sent: Wednesday, February 17, 2010 4:11 PM
To: suresh tiwary
Cc: owasp-delhi@lists.owasp.org; owasp-delhi-boun...@lists.owasp.org
Subject: Re: [Owasp-delhi] Tools for Web Server V A


Hi Suresh,

Apart from what Rahul suggested, you can also go for GFI LANguard or Core 
Impact (both proprietary). For a better hands-on and/or manual assessment, try 
using Metasploit (Opensource), though that might be more on the PT side.


Regards,
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services
Mailto: neelu.tripa...@tcs.com

From: "suresh tiwary" <sureshtiw...@rediffmail.com>
To: <owasp-delhi@lists.owasp.org>
Date: 02/17/2010 11:46 AM
Subject: [Owasp-delhi] Tools for Web Server V A
Sent by: owasp-delhi-boun...@lists.owasp.org






Issue: Tools for web server V A for IIS, Apache etc ?

Dear OWASP Delhi,

Can anyone provide complete and comprehensive information, sites of web server 
vulnerability assessment by manual method and by automated tools.

1. What are the free tools / open source tools actually and
practically used for web serv V A ?

2. What are the commercial tools used for automated web server V A ?

3. How a manual web server v a is conducted ? Any checklist and the
practical process.

4. People can share their web server v a experience.

Thanks & regards,
Suresh



Re: [Owasp-delhi] Tools for Web Server V A

2010-02-18 Thread Gautam Kapoor
a good starting point would be

http://cirt.net/nikto2
windows based version
http://www.sensepost.com/research/wikto/

for IIS checklist you can start here.

http://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=98

Regards
Gautam

On 18 February 2010 17:39, suresh tiwary wrote:

> Dear OWASP Delhi,
>
> Thank you all for the good information, but I am still confused whether
> "NESSUS" is a web server vulnerability assessment tool or a Network
> Assessment tool.
>
> Please suggest.
>
> The situation is: I have to perform the V.A of IIS using a tool. So how do
> I start: use NESSUS and proceed, or use any commercial tool? If commercial
> tool, then which is the widely accepted commercial tool? An organization can't
> have multiple commercial tools, so suggest a few commercial tools that can
> perform web server V.A.
>
> Also any checklist for IIS V.A ?
>
> Thanks & regards,
> Suresh
>
> Note: Forwarded message attached
>
> -- Original Message --
>
> From: "Vinodh Kiran S" vinodh.ki...@teaqtech.com
> To: sureshtiw...@rediffmail.com
> Cc: neelu.tripa...@tcs.com, ra.shrivastav...@gmail.com
> Subject: FW: [Owasp-delhi] Tools for Web Server V A
>
>
> -- Forwarded message --
> From: "Vinodh Kiran S" 
> To: 
> Date:
> Subject: FW: [Owasp-delhi] Tools for Web Server V A
>
> Dear Suresh,
>
>
>
> In continuation of the below recommendations from Rahul and Neelu, I just
> wanted to let you know that we represent Core Security (Providers of Core
> Impact), here in India.  The attached datasheet will give you a quick
> overview. I would like to know your thoughts on this. Please do contact me
> for any further assistance.
>
>
>
> Good Day!
>
>
>
> Regards,
>
>
>
> Vinodh Kiran S |Sr. Manager – ECM | Cell: +91 (0) 9900247424
>
>
>
> *Teaq Technologies Pvt. Ltd.*
>
> #320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA |Telefax: +91 (80)
> 4161 2610
>
>
>
>
>
>
>
> *From:* owasp-delhi-boun...@lists.owasp.org [mailto:
> owasp-delhi-boun...@lists.owasp.org] *On Behalf Of *Neelu Tripathy
> *Sent:* Wednesday, February 17, 2010 4:11 PM
> *To:* suresh tiwary
> *Cc:* owasp-delhi@lists.owasp.org; owasp-delhi-boun...@lists.owasp.org
> *Subject:* Re: [Owasp-delhi] Tools for Web Server V A
>
>
>
>
> Hi Suresh,
>
> Apart from what Rahul suggested, you can also go for GFI LANguard or Core
> Impact (both proprietary). For a better hands-on and/or manual assessment,
> try using Metasploit (Opensource), though that might be more on the PT side.
>
>
> Regards,
> Neelu Tripathy
> Security Analyst,  TEG
> Tata Consultancy Services
> Mailto: neelu.tripa...@tcs.com
>
> From: "suresh tiwary"
> Date: 02/17/2010 11:46 AM
> Subject: [Owasp-delhi] Tools for Web Server V A
> Sent by: owasp-delhi-boun...@lists.owasp.org
>
>
>
>
>
> Issue: Tools for web server V A for IIS, Apache etc ?
>
> Dear OWASP Delhi,
>
> Can anyone provide complete and comprehensive information, sites of web
> server vulnerability assessment by manual method and by automated tools.
>
> 1. What are the free tools / open source tools actually and
> practically used for web serv V A ?
>
> 2. What are the commercial tools used for automated web server V A ?
>
> 3. How a manual web server v a is conducted ? Any checklist and the
> practical process.
>
> 4. People can share their web server v a experience.
>
> Thanks & regards,
> Suresh
>
>


Re: [Owasp-delhi] Tools for Web Server V A

2010-02-17 Thread Neelu Tripathy
Hi Suresh,

Apart from what Rahul suggested, you can also go for GFI LANguard or 
Core Impact (both proprietary). For a better hands-on and/or manual 
assessment, try using Metasploit (Opensource), though that might be more 
on the PT side.


Regards,
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services
Mailto: neelu.tripa...@tcs.com




From: "suresh tiwary"
Date: 02/17/2010 11:46 AM
Subject: [Owasp-delhi] Tools for Web Server V A
Sent by: owasp-delhi-boun...@lists.owasp.org



Issue: Tools for web server V A for IIS, Apache etc ?

Dear OWASP Delhi,

Can anyone provide complete and comprehensive information, sites of web 
server vulnerability assessment by manual method and by automated tools.

1. What are the free tools / open source tools actually and 
practically used for web serv V A ?

2. What are the commercial tools used for automated web server V A ?

3. How a manual web server v a is conducted ? Any checklist and the 
practical process.

4. People can share their web server v a experience.

Thanks & regards,
Suresh



Re: [Owasp-delhi] Tools for Web Server V A

2010-02-17 Thread Rahul Shrivastava
Hi Suresh,

1. What are the free tools / open source tools actually and
practically used for web serv V A ? Qualys Guard and Nessus. They also give
you something like test scans using that you can run a few scans as you like
and this doesn't require paying them till a certain limit.

2. What are the commercial tools used for automated web server V A ? Qualys
Guard and Nessus again. You can configure them to run scan and throw reports
at periodic interval.

3. How a manual web server v a is conducted ? Any checklist and the
practical process. Not much idea about this one. Sorry

4. People can share their web server v a experience. - Well what the report
provides is a lot of information and there may be false positives also.
There generally are, then it will require some research and then talking to
the Asset owners of the Assets where the vulnerability exists. In Qualys
there are two kinds of vulnerability 1. Potential 2. Confirmed.

Hope this all gives you a good idea and helps you moving ahead !!

Regards
Rahul Shrivastava
IT Security Consultant


On Wed, Feb 17, 2010 at 11:40 AM, suresh tiwary  wrote:

> Issue: Tools for web server V A for IIS, Apache etc ?
>
> Dear OWASP Delhi,
>
> Can anyone provide complete and comprehensive information, sites of web
> server vulnerability assessment by manual method and by automated tools.
>
> 1. What are the free tools / open source tools actually and
> practically used for web serv V A ?
>
> 2. What are the commercial tools used for automated web server V A ?
>
> 3. How a manual web server v a is conducted ? Any checklist and the
> practical process.
>
> 4. People can share their web server v a experience.
>
> Thanks & regards,
> Suresh
>
> 
>
>


-- 
Regards
Rahul Shrivastava
IT Security Consultant