[nylug-talk] audit open source tools

Miguel Gonzalez Castaños miguel_3_gonzalez at yahoo.es
Sun Jul 29 11:26:33 EDT 2007


Hi,

  I am following the suggestion of people of focusing my daily duties on
the topics that I like the most. Since I want to learn more about secure
programming and security as a whole, I'd like to learn how to assist
first the programmers at work to make audits on our developments (mainly
PHP and sometimes ASP and ColdFusion).

  I know Nessus superficially but I'd like to know which kind of tools
people use to see if a web application is secure in terms of SQL
injection, vulnerabilities of the code, weaknesses, not only of the Web
Server and the script language, but the application itself (or both
approaches). Sometimes the development server is for internal use only
and it doesn't make much more sense to invest time hardening it, and when you
use external hosting companies, you depend on the configuration of the
hosting company.

  I have done some Google research, and I have found some free security
magazines, but they talk about commercial tools and I'm looking more
for open source tools (a set of tools).

  How do you guys deal with these kinds of things?

  Many thanks,

  Miguel

