Tuesday 16 July 2013

HOWTO: Web Application Scanning

So you think your web app is vulnerable. How do you find out more using automated tools? Let's start with the freely available ones.

1) Nikto.

On FreeBSD,

cd /usr/ports/security/nikto && make install clean && rehash
nikto -update
nikto -host http://yourserver

You're looking for 0 errors.
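As an added example (not from the original post), a small POSIX shell helper for the Nikto step above: it runs the scan with the report saved to a file, then pulls the error and item counts out of Nikto's summary line so a cron job or deployment script can check the result instead of eyeballing it. The nikto flags `-host`, `-output` and `-Format txt` are assumed, and the report layout described in the comments is a constructed approximation of Nikto's plain-text output.

```shell
#!/bin/sh
# Added example, not part of the original post: triage a saved Nikto text report.
# Assumes the scan was run as in the steps above, with the report written to a
# file (e.g. `nikto -host http://yourserver -output nikto.txt -Format txt`).

# Run the scan against a host you administer and save the plain-text report.
run_nikto_scan() {
    host="$1"; report="$2"
    nikto -host "$host" -output "$report" -Format txt
}

# Extract the counts from Nikto's summary line, printing "<errors> <items>".
# Summary line (constructed example of Nikto's wording):
#   + 0 error(s) and 3 item(s) reported on remote host
# The pattern ignores any "N items checked:" prefix some versions print.
nikto_counts() {
    sed -n 's/.* \([0-9][0-9]*\) error(s) and \([0-9][0-9]*\) item(s) reported.*/\1 \2/p' "$1"
}

# Succeed only if the summary line was found and shows 0 errors and 0 items.
# A missing summary (scan aborted, wrong file) counts as not clean.
nikto_is_clean() {
    set -- $(nikto_counts "$1")
    [ "${1:-1}" -eq 0 ] && [ "${2:-1}" -eq 0 ]
}

# List the finding lines: everything Nikto prefixes with "+ " except the
# target banner and the timing/summary lines.
nikto_findings() {
    grep '^+ ' "$1" | grep -v -e 'Target ' -e 'Start Time' -e 'End Time' \
        -e 'host(s) tested' -e 'reported on remote host'
}
```

`nikto_is_clean nikto.txt || mail -s "nikto findings on yourserver" admin@example.org < nikto.txt` is the kind of check this is meant for; the non-zero exit also works as a gate in a deploy script.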


2) Netsparker Community Edition for Windows

Download it here. Unlike some other free scanners, this can detect SQL Injections as well as XSS attacks. Highly useful.

3) N-Stalker Free Edition.

Download it here. It is limited to a maximum of 500 pages and has a reduced rule set compared to the paid edition.


LibreOffice vs OpenOffice, which to use?

One word...LibreOffice. Why?

  1. LibreOffice has 350 programmers and 20,700 code commits over the last 12 months, versus 50 devs and 4,900 commits for OpenOffice. While more programmers does not necessarily mean better code, an active base of committers is a sign of a healthy project.
  2. Licensing. LibreOffice is based on LGPL, OpenOffice on ASF. ASF does not accept contributions from non-ASF licensees.
  3. AMD have thrown support behind LibreOffice, promising hardware acceleration to boost speeds. If you're an Excel power user, this will make LibreOffice a viable consideration as far as speed goes.
  4. LibreOffice will have mobile support. Android & iOS ports are being worked on, though it's still early days.


Download LibreOffice now.



References

1) http://www.theregister.co.uk/2013/07/16/libre_office_hardware_acceleration/
2) https://wiki.documentfoundation.org/ReleasePlan#4.2_release
3) http://www.ohloh.net/p/libreoffice
4) http://www.ohloh.net/p/openoffice