So, as part of my exploration into the fascinating world of BackTrack 5, I found yesterday within its depths a tool called w3af GUI. Of course you could download this open-source (or any open-source) application outside of BackTrack and use it, but having an all-in-one pen test / hacking operating system built on Linux is great.

If you build web apps that need to stand up to the specific threats listed in the OWASP Top 10 project, then running a VM of BackTrack in VMware or VirtualBox could be just the ticket to ensure your app is robust enough to fend off the pen test company.

It was just a case of loading up the app via BackTrack – Exploitation Tools – Web Exploitation Tools – w3af_gui, selecting the OWASP_TOP10 profile, supplying a starting URL and clicking Start. It will then crawl through the site trying all sorts of nasties; this usually takes quite some time, as it is a very in-depth analysis.
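The same run can be scripted for w3af's console front end, which is handy when you want the scan to be repeatable against your own staging build rather than clicked through in the GUI each time. The script below is an added example, not taken from the original post or from the w3af project; it assumes the console command set of the w3af version shipped with BackTrack 5 (`profiles`, `use`, `target`, `set target`, `start`), that the OWASP_TOP10 profile is present as it is in the GUI, and that `http://staging.example.internal/` is a placeholder for an application you own and are testing.

```text
# scan-own-app.w3af  (constructed example; run with: ./w3af_console -s scan-own-app.w3af)
# Load the same OWASP_TOP10 profile that the GUI offers.
profiles
use OWASP_TOP10
back

# Point the scan at your own staging instance (placeholder URL).
target
set target http://staging.example.internal/
back

# Kick off the crawl and audit; expect this to take a long time.
start

# Leave the console once the scan has finished.
exit
```

Because the profile enables a large number of crawl and audit plugins, the scan generates a great deal of traffic, so run it against an isolated staging copy with logging enabled on the web server; the resulting access logs are also a useful sample for tuning detection rules, since they show exactly what a scanner of this kind looks like from the server side.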