I started my career in application security with this open source automated security scanner. At that time I was really excited to use these tools. As a beginner it's not a waste of time: Nikto and Wikto will show you the obvious potential doors, using fingerprinting, default pages and default directories. They can be useful to detect whether some known vulnerable applications sit behind a domain name or IP address, but they will not go deeper. In addition, you need to look at other open source tools for other classes of vulnerabilities like SQL injection, XSS and so on.

Of course, some professional products exist to go really deeper, like Qualys, where you can choose the audit level (fingerprinting -> PoC -> aggressive). Nessus, Metasploit and IBM AppScan are other keywords you can google; just add "web application scanning" or "web application vulnerability" after the keyword.
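To make concrete what "obvious doors" these scanners actually look for, here is an added example (not code from the original post and not from Nikto or Wikto) that performs the same kind of surface check a sysadmin would run against their own host: it inspects response headers for product/version fingerprints and response bodies for markers of default or administrative pages that should not be reachable. The responses, paths and markers are constructed for the example; a real run would substitute responses fetched from your own server.

```python
import re

# Constructed sample responses standing in for what a scanner fetches from a host.
# Each entry: (path, status, headers, body). These are invented, not real captures.
SAMPLE_RESPONSES = [
    ("/", 200,
     {"Server": "Apache/2.4.29 (Ubuntu)", "X-Powered-By": "PHP/7.2.24"},
     "<html><body><h1>It works!</h1></body></html>"),
    ("/phpmyadmin/", 200,
     {"Server": "Apache/2.4.29 (Ubuntu)"},
     "<html><head><title>phpMyAdmin</title></head></html>"),
    ("/server-status", 200,
     {"Server": "Apache/2.4.29 (Ubuntu)"},
     "<h1>Apache Server Status for www.example.test</h1>"),
    ("/admin/", 404,
     {"Server": "Apache/2.4.29 (Ubuntu)"},
     "<h1>Not Found</h1>"),
]

# "product/version" tokens in response headers: the fingerprint the post calls an obvious door.
VERSION_RE = re.compile(r"\b[A-Za-z][\w.-]*/\d+(?:\.\d+)+")

# Body markers of default or administrative pages that should not be reachable from outside.
DEFAULT_PAGE_MARKERS = {
    "It works!": "Apache default welcome page still installed",
    "<title>phpMyAdmin</title>": "phpMyAdmin login page exposed",
    "Apache Server Status": "mod_status page exposed",
}


def disclosed_versions(headers):
    """Return the product/version strings found in fingerprintable headers."""
    found = []
    for name in ("Server", "X-Powered-By"):
        found.extend(VERSION_RE.findall(headers.get(name, "")))
    return found


def default_page_hits(status, body):
    """Return descriptions of default-page markers present in a successful (200) body."""
    if status != 200:
        return []
    return [desc for marker, desc in DEFAULT_PAGE_MARKERS.items() if marker in body]


def assess(responses):
    """Produce one finding per surface-level signal; version banners are reported once each."""
    findings = []
    seen_versions = set()
    for path, status, headers, body in responses:
        for version in disclosed_versions(headers):
            if version not in seen_versions:
                seen_versions.add(version)
                findings.append({"path": path, "kind": "version-disclosure", "detail": version})
        for desc in default_page_hits(status, body):
            findings.append({"path": path, "kind": "default-page", "detail": desc})
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_RESPONSES):
        print(f"{f['kind']:18} {f['path']:16} {f['detail']}")
```

Everything this finds is exactly the kind of thing the post says such tools stop at: a banner string and a known page title. Whether the disclosed Apache or PHP version is actually exploitable, or whether the exposed phpMyAdmin has a weak password, is the "deeper" part that needs a manual audit; the fix for what the script reports is simply to remove the default pages, restrict `/server-status` and `/phpmyadmin/` to trusted addresses, and stop advertising versions in headers.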
None of them will ever replace a manual audit, which means having many years of hacking experience and multiple skills (DB administration, web application development, systems, ...).
In fact, it all depends on your needs: pentest or audit? The border between these two words is thin. Let's say that if somebody asks you for a pentest, it will include an audit first, then real exploitation of what you find; the goal is to steal data, become root, or do things you are not supposed to be able to do. For an audit, "bad" auditors will only click a button and get paid for a nice PDF report with nice graphs and colors. Real auditors will go deeper on each point marked as red in the report.