Tuesday, June 14, 2011

SPIKE Proxy – Application Level Security Assessment

12:52 AM  expert  No comments

SPIKE Proxy is part of the SPIKE Application Testing Suite, It functions as an HTTP and HTTPS proxy, and allows the web developer or web application auditor low level access to the entire web application interface, while also providing a bevy of automated tools and techniques for discovering common problems. These automated tools include:

  • Automated SQL Injection Detection
  • Web Site Crawling (guaranteed not to crawl sites other than the one being tested)
  • Login form brute forcing
  • Automated overflow detection
  • Automated directory traversal detection
Not all web applications are built in the same ways, and hence, many must be analyzed individually. SPIKE Proxy is a professional-grade tool for looking for application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL Injection and cross-site-scripting, but it’s completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on. SPIKE Proxy is available for Linux and Windows.
Note: that SPIKE Proxy requires a working install of Python and pyOpenSSL on Linux. This is included in the Windows distribution.
SPIKE is a fairly mature tool having been around since about 2003, we at Darknet use Spike Proxy along with the Burp Suite for web application security analysis.
You can download SPIKE here:
Download for Linux | Download for Windows
Limited information can be found here:
Immunity Free Software

Posted in:

0 comments:

Post a Comment