3. Audit techniques and tools
We will not be presenting the tools already described in the article "Safety audits: methodologies, tools and feedback". We therefore invite the reader to refer to them. Indeed, the principles remain the same: information gathering, social engineering, discovery of application entry points...
In this chapter, we present the most commonly used tools for finding and exploiting security flaws in Web applications. We'll be focusing on the tools themselves, since they implement techniques that are commonly used manually by auditors.
Finally, we'll take a closer look at some of the tools commonly used in Web security audits.
3.1 Web vulnerability scanning
Web application auditing can be carried out by :
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Audit techniques and tools
Feedback
Bibliography
Works
- SHEWHART (S.), WALTER (A.) - Economic control of quality of manufactured product/50 th anniversary commemorative issue. - American Society for Quality December 1980. ISBN 0-87389-076-0. OCLC 223422287 (1930).
Also in our database
- ...
Websites
• Agarri – Specialized in offensive aspects of information security http://www.agarri.fr
• Alexa – Provides information about websites http://www.alexa.com
• BEFF – The Browser Exploitation Framework Project – Using XSS encryption
The Ultimate Scientific and Technical Reference
