» »

odkrivanje ranljivosti in preverjanje spletnih aplikacij

odkrivanje ranljivosti in preverjanje spletnih aplikacij

Jerry000 ::

Pozdrav

Zanima me kje bi lahko našel največ informacij (najbolj zaželjeno v SLO) o "Orodja za odkrivanje ranljivosti in preverjanje spletnih aplikacij"?
Prosim ne odgovarjat z google, nekaj sem že iskal ampak ni nič kaj preveč konkretno napisanega...če pa je je pa to samo kakšna vrstica. Rabim opis tehnik kot so:

-SQL Injection
-Stealth Commanding / Buffer Overrun
-URL Parameter Manipulation, Cookie Manipulation, Hidden Field Manipulation
-Forcefull Browsing
-Cross Site Scripting (XSS)
-Cross-site request forgery (CSRF ali XCSF)

Če so še kakšne tehnike bi tudi prosil da poveste. Nekaj sem že sam našel ampak premalo saj rabim 12 strani besedila, nekatere tehnike so v SLO jeziku kar dovolj napisane, nekatere pa sploh ne. Prosim za pomoč pri moji seminarski nalogi, mogoče če se kdo spozna na to da mi na ZS pošlje MSN in se bomo tam menili.

Lp

333333 ::

Lahko poskusis s tem.

http://www.safety-lab.com/en/products/6...
database scanner
Safety Lab Shadow Database Scanner provides Vulnerability Management-Database Management and Analysis needs for SQL Server Security. Internet-enabled organizations need a database security solution that is flexible, easy to use and saves valuable resources. Safety Lab Database Scanner meets these needs, empowering organizations to protect their valuable data and protect information for their SQL Server Security.

Shadow Database Scanner (Shadow Database Scanner - database scanner) is a new generation of hi-tech software that performed greatly in the 20th century and remains on the front line in the new millennium! Shadow Database Scanner has been developed to provide a secure, prompt and reliable detection of a vast range of security system holes. After completing the system scan, Shadow Database Scanner analyses the data collected, locates vulnerabilities and possible errors in server tuning options, and suggests possible ways of problem solution. Shadow Database Scanner employs a unique system security analysis algorithm based on a patented "intellectual core".

Because of its unique architecture, Shadow Database Scanner is the world's only security scanner able to detect faults with MiniSql. It is also the only commercial scanner capable of tracking more than 300 audits per system.

Currently, the following SQL Servers are supported: MSSql, Oracle, IBMDB2, MiniSql, MySQL, Sybase, SAP DB and Lotus Domino. Because of a fully open (ActiveX-based) architecture any professional with knowledge of VC++, C++ Builder or Delphi may easily expand the capabilities of the Scanner. ActiveX technology also enables the system administrators to integrate Shadow Database Scanner into practically any ActiveX supporting product.

As Shadow Database Scanner provides a direct access to its core, you may use the API (for a detailed information please refer to API documentation) to gain full control to Shadow Database Scanner or to change its properties and functions. Being not a professional programmer, but having some basic knowledge of computer networks and having found a new security breach you may either contact Safety-Lab directly or use the BaseSDK wizard: it will guide you through the whole process of new audit creation. BaseSDK also lets you add more than 95% of new audit types.

The Rules and Settings Editor will be essential for the users willing only to scan the desired ports and services without wasting time and resources on scanning other services. Flexible tuning lets system administrators manage scanning depth and other options to make benefit of speed-optimized network scanning without any loss in scanning quality.

Another unique capability of the Scanner concerns the possibility of saving detailed scan session log not only in traditional HTML format (which is available in 99% other scanners) but also in XML, PDF, RTF and CHM (compiled HTML) formats.

The new interface is both user-friendly and simple to use and it has been optimized to provide even easier access to program's main functions. Managing Shadow Database Scanner options is also made simpler: all the key elements of the program interface have bubble help windows with a concise description of their function.

The Update Wizard provides the timely updates of program's executive modules with the most up-to-date security information, guaranteeing a solid protection for your system and its high resistance to malicious attacks. Safety-Lab has also accompanied its new product with the direct access to its Internet Security Expert service and a daily-updated Download Zone.

Ali s tem

Shadow security scanner

http://www.safety-lab.com/en/products/s...

Safety Lab Shadow Security Scanner is a Proactive Computer Network Security Vulnerability Assessment Scanner with over 5000 audits.
This is a new generation of hi-tech software (network vulnerability assessment scanner) that perforShadow Security Scannermed greatly in the 20th century and remains on the front line in the new millennium! Shadow Security Scanner (network vulnerability assessment scanner) has earned the name of the fastest - and best performing - security scanner in its market sector, outperforming many famous brands. Shadow Security Scanner has been developed to provide a secure, prompt and reliable detection of a vast range of security system holes. After completing the system scan, Shadow Security Scanner analyses the data collected, locates vulnerabilities and possible errors in server tuning options, and suggests possible ways of problem solution. Shadow Security Scanner employs a unique system security analysis algorithm based on a patented "intellectual core". Shadow Security Scanner performs the system scan at such a speed and with such a precision so as to be able to compete with the professional IT security services and hackers, attempting to break into your network.

Running on its native Windows platform, Shadow Security Scanner also scans servers built practically on any platform, successfully revealing breaches in Unix, Linux, FreeBSD, OpenBSD, Net BSD, Solaris and, of course, Windows 95/98/ME/NT/2000/XP/.NET. Because of its unique architecture, Shadow Security Scanner is the world's only security scanner able to detect faults with CISCO, HP, and other network equipment. It is also the only commercial scanner capable of tracking more than 4,000 audits per system.

Currently, the following key services supported are: FTP, SSH, Telnet, SMTP, DNS, Finger, HTTP, POP3, IMAP, NetBIOS, NFS, NNTP, SNMP, Squid (Shadow Security Scanner is the only scanner to audit proxy servers - other scanners just verify ports availability), LDAP (Shadow Security Scanner is the only scanner to audit LDAP servers - other scanners limit their actions to ports verification), HTTPS, SSL, TCP/IP, UDP, and Registry services. Because of a fully open (ActiveX-based) architecture any professional with knowledge of VC++, C++ Builder or Delphi may easily expand the capabilities of the Scanner. ActiveX technology also enables the system administrators to integrate Shadow Security Scanner into practically any ActiveX supporting product.

Security Scanner GUI As network vulnerability assessment scanner provides a direct access to its core, you may use the API (for a detailed information please refer to API documentation) to gain full control to Shadow Security Scanner or to change its properties and functions. Being not a professional programmer, but having some basic knowledge of computer networks and having found a new security breach you may either contact Safety-Lab directly or use the BaseSDK wizard: it will guide you through the whole process of new audit creation. BaseSDK also lets you add more than 95% of new audit types.

The Rules and Settings Editor will be essential for the users willing only to scan the desired ports and services without wasting time and resources on scanning other services. Flexible tuning lets system administrators manage scanning depth and other options to make benefit of speed-optimized network scanning without any loss in scanning quality.

Security Scanner Rules The function of simultaneous multiple network scanning (up to 10 hosts per session) has also been added to improve the overall speed.

Another unique capability of the Scanner concerns the possibility of saving detailed scan session log not only in traditional HTML format (which is available in 99% other scanners) but also in XML, PDF, RTF and CHM (compiled HTML) formats.

The new interface is both user-friendly and simple to use and it has been optimized to provide even easier access to program's main functions. Managing Shadow Security Scanner options is also made simpler: all the key elements of the program interface have bubble help windows with a concise description of their function.

Security Scanner Report The Update Wizard provides the timely updates of program's executive modules with the most up-to-date security information, guaranteeing a solid protection for your system and its high resistance to malicious attacks. Safety-Lab has also accompanied its new product with the direct access to its Internet Security Expert service and a daily-updated Download Zone.

Samo se bos moral nauciti ang.. mi smo premali da bi to prevajali v nas jezik.. al pa google translate ;)
Spiritual

Zgodovina sprememb…

  • spremenilo: 333333 ()

DMouse ::

denial ::

CSRF: KLIK
XSS: KLIK
SQLi: KLIK
Field manipulation: KLIK
Session fixation: KLIK
Web app buffer overflows: KLIK
SELECT finger FROM hand WHERE id=3;

Zgodovina sprememb…

  • spremenil: denial ()

Jerry000 ::

Hvala za odgovore :)


Vredno ogleda ...

TemaSporočilaOglediZadnje sporočilo
TemaSporočilaOglediZadnje sporočilo
»

Nov članek: "All your firmware are belong to us" (strani: 1 2 3 )

Oddelek: Novice / Nova vsebina
13816655 (13495) arrigo
»

Diagnostično orodje za WD

Oddelek: Programska oprema
144448 (4308) clovk
»

problem - scanner HP PSC 500

Oddelek: Pomoč in nasveti
71169 (1101) xena
»

kako lahko hekerji ti vdrejo v računalnik

Oddelek: Omrežja in internet
285978 (5093) SLOWWWeb.net

Več podobnih tem