alexandruth Posted May 25, 2014 Report Share Posted May 25, 2014 Ce folosi?i atunci când vine vorba de a c?uta vulnerabilit??i într-un anumit site? Ce metode sau ce unelte? Vreau s? fac un mic schimb de experien??. Eu spre exemplu caut platforma pe care ruleaz? site-ul, apoi caut vulnerabilit??i în platforma respectiv?, folosesc un scanner de vulnerabilit??i, dac? e un site mai m?ricel, folosesc ?i Google dorks ?i îi testez porturile. Quote Link to comment Share on other sites More sharing options...
Rikudo Posted May 25, 2014 Report Share Posted May 25, 2014 Foarte bine, mergi pe principiul "Old-school".Ca sa-ti faci o idee:http://www.offensive-security.com/reports/penetration-testing-sample-report-2013.pdf Quote Link to comment Share on other sites More sharing options...
D3mEnT Posted May 25, 2014 Report Share Posted May 25, 2014 Havij rullz Quote Link to comment Share on other sites More sharing options...
Rikudo Posted May 25, 2014 Report Share Posted May 25, 2014 Havij rullz Not sometimes, nici sqlmap nu poate sa faca orice injectie, mana omului si capacitatea lui mintala, sunt singurele unelte pentru un pentesting bun. Quote Link to comment Share on other sites More sharing options...
em Posted May 25, 2014 Report Share Posted May 25, 2014 Eu las acunetix in fundal sa mearga in timp ce incerc manual. Mi se pare extrem de util, poate gasi lucruri care tie ti-au scapat. Quote Link to comment Share on other sites More sharing options...
yo20063 Posted May 25, 2014 Report Share Posted May 25, 2014 Mie cel mai important la un audit web app mi se pare directory tree dupa ce ai exclus restul, si ma folosesc de burpsuite de cele mai multe ori Quote Link to comment Share on other sites More sharing options...
