Re: web application scanner question



Hello Ryan,

You could try these tools:

- W3af - http://w3af.sf.net
- Acunetix - http://www.acunetix.com/
- Nessus - Web App Scan -
http://blog.tenablesecurity.com/2009/11/video-web-app-scanning-with-credentials-using-nessus.html
http://www.nessus.org

- HP WebInspect - https://download.spidynamics.com/products/webinspect/
- NetSparker - http://www.mavitunasecurity.com/
- AppScan (Ex-Watchfire) -
http://www.ibm.com/developerworks/rational/products/appscan/
- Cenzic Hailstorm Starter -
http://www.cenzic.com/products/cenzic-hailstorm-starterCore/

Regards,



On Mon, Jan 11, 2010 at 14:17, Ryan Giobbi <ryan@xxxxxxxxxxxx> wrote:
Hello pen-test readers,

I'm looking for recommendations on an easy-to-use web application
scanner. It doesn't need to be free. It can be an application or
server-based. I'd like to avoid appliances.

I need one that can do the below.
* handle form, cookie, HTTP, and NTLM authentication
* provides reporting and logging in a sane format
* easy to configure, launch and run.
* test HTML, HTTP headers, script and very basic SSL problems

I'm not worried about missing critical but hard-to-find
vulnerabilities or issues in various browser plugins. In terms of
accuracy, the tool should catch the most common issues (xss, plain
text credentials, injection, etc) quickly.

Thanks for the opinions!!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------





--
Ulises U. Cuñé
Web: http://www.ulises2k.com.ar
