Everything's got to start somewhere. So I'm starting a BLOG.
I pulled out some parts of others' scripts to make self-signed SSL certs for Apache in OpenBSD.
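#!/bin/sh
# Generate a self-signed SSL certificate for Apache on OpenBSD.
svrname="test.server"
destdir="/var/www/conf/$svrname"
prv="private"
dname="server"
sk="$destdir/$prv/$dname.key"    # private key
csr="$destdir/$prv/$dname.csr"   # certificate signing request
crt="$destdir/$dname.crt"        # self-signed certificate
# Show the paths that are about to be written.
echo "$sk"
echo "$csr"
echo "$crt"
# Create the target directories; only the owner may enter the key directory.
mkdir -p "$destdir/$prv" || exit 1
chmod 700 "$destdir/$prv" || exit 1
# 2048-bit RSA private key; 1024-bit RSA is too weak for current use.
/usr/sbin/openssl genrsa -out "$sk" 2048 || exit 1
# Certificate signing request (prompts for the subject fields).
/usr/sbin/openssl req -new -key "$sk" -out "$csr" || exit 1
# Sign the request with its own key, valid for 365 days.
/usr/sbin/openssl x509 -req -days 365 -in "$csr" \
    -signkey "$sk" -out "$crt"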
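A companion check for the script above, added here as an example and not part of the original post: it confirms that the certificate's RSA key meets a minimum size, that the private key and certificate belong together, and that the certificate is not about to expire. The function names and the default thresholds (2048 bits, 30 days) are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check an RSA key / certificate pair.
# Function names and default thresholds are assumptions, not from the post.
OPENSSL=${OPENSSL:-openssl}

# Print the size in bits of the public key embedded in certificate $1.
cert_key_bits() {
    "$OPENSSL" x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if private key $1 and certificate $2 share the same RSA modulus.
key_matches_cert() {
    k=$("$OPENSSL" rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$("$OPENSSL" x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_cert KEY CRT [MIN_BITS] [MIN_DAYS_LEFT]
# Prints one line per finding; the return status is the number of failed checks.
check_cert() {
    key=$1 crt=$2 min_bits=${3:-2048} min_days=${4:-30} fail=0
    bits=$(cert_key_bits "$crt")
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL: RSA key is ${bits:-unknown} bits, want >= $min_bits"
        fail=$((fail + 1))
    fi
    if ! key_matches_cert "$key" "$crt"; then
        echo "FAIL: $key does not match $crt"
        fail=$((fail + 1))
    fi
    # -checkend succeeds only if the certificate is still valid N seconds from now.
    if ! "$OPENSSL" x509 -in "$crt" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_days days"
        fail=$((fail + 1))
    fi
    [ "$fail" -eq 0 ] && echo "OK: $crt ($bits-bit RSA)"
    return "$fail"
}
```

With the paths from the script, the call is check_cert /var/www/conf/test.server/private/server.key /var/www/conf/test.server/server.crt.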
Free tools
parosproxy.org
openvas.org
grendel-scan.com/blog
seleniumhq.org
http://www.cirt.net/nikto2
http://www.nstalker.com/
http://code.google.com/p/ratproxy/
Top 10 Web Vulnerability Scanners from InSecure.org (the nmap guys) in 2006, YMMV:
http://sectools.org/web-scanners.html
Commercial tools
IBM App Scan (Formerly Watchfire)
HP WebInspect
Hail Storm
Documentation
owasp.org
webappsec.org
http://codefromthe70s.org/sslblacklist.aspx Firefox plug-in