RE: Pen testing web servers



On the commercial side, what does NTOspider offer or do better than an
Appscan or WebInspect? I haven't had any hands-on time with NTOspider so am
curious.

--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"I cannot brain today, I have the dumb"


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Adriel T. Desautels
Sent: Friday, December 19, 2008 7:08 PM
To: Kevin P Biggs
Cc: pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: Pen testing web servers

So you probably want a free tool.

If I were you I'd check out Burp Suite. It can help you assess the
security of your application at a very deep level if you know what you
are doing. If you want to pay for something like a scanner, well I
can't really recommend one. I have yet to find one that I'm at all
impressed by aside from *maybe* NTOspider... but I'm still on the
fence there...

On Dec 19, 2008, at 9:35 PM, Kevin P Biggs wrote:

It's for pentesting my own web server that I will be running
WordPress, some forum software, and other things on ...
Adriel T. Desautels wrote:
Kevin,
Are you looking to pentest your own web application or someone
else's? It's an important question because the answer will determine
the tool.


On Dec 19, 2008, at 6:10 PM, Kevin P Biggs wrote:

What does everyone consider the best pen tool for testing web
servers?
I have tried Nessus.
What tool(s) do you recommend?

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


Adriel T. Desautels
ad_lists@xxxxxxxxxxxxx






Adriel T. Desautels
ad_lists@xxxxxxxxxxxxx



