RE: web application scanner question



Morning,
Our website provides vendor neutral information on 26 different web scanners
http://www.securitywizardry.com/index.php/products/Scanning-Products/Website-Scanners.html

If it's missing any please add them or let us know. More importantly, please review them and tell the community what you think of the various products

Regards

Andy Cuff
Technical Director
Computer Network Defence Ltd

Web www.SecurityWizardry.com
email Andy.Cuff@xxxxxxxxxxxxxxxxxxxx




-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Rodrigo
Montoro(Sp0oKeR)
Sent: 14 January 2010 02:35
To: Adrian Puente Z.
Cc: Ryan Giobbi; pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: web application scanner question

Just to complement, N-Stalker is not new (10-year-old company).

N-Stalker® was created in April 2000 by information security
technology specialists, aiming at providing solutions to protect
corporations and individuals against digital threats that affect
information systems. Since then, our research & development laboratory
has been working non-stop on security researches, producing web attack
detection controls for the past years.

http://nstalker.com/about

In the beginning it was released as N-Stealth.

Regards,

On Mon, Jan 11, 2010 at 6:22 PM, Adrian Puente Z.
<puenteadrian@xxxxxxxxx> wrote:

I recommend Acunetix. We have been using those apps for a long time now
and it does everything you said you need. It can be kind of aggressive
though.

http://www.acunetix.com/

I also recommend NStalker. It's kinda new but it helps to compare the
results with the Acunetix.

http://www.nstalker.com/

Greets,


Ryan Giobbi wrote:
Hello pen-test readers,

I'm looking for recommendations on an easy-to-use web application
scanner. It doesn't need to be free. It can be an application or
server-based. I'd like to avoid appliances.

I need one that can do the below.
* handle form, cookie, HTTP, and NTLM authentication
* provides reporting and logging in a sane format
* easy to configure, launch and run.
* test HTML, HTTP headers, script and very basic SSL problems

I'm not worried about missing critical but hard-to-find
vulnerabilities or issues in various browser plugins. In terms of
accuracy, the tool should catch the most common issues (xss, plain
text credentials, injection, etc) quickly.

Thanks for the opinions!!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


--
Adrián Puente Z.
[www.hackarandas.com]
Where ideas scatter into bytes...

"... I beg my pride to always be accompanied by my prudence,
and if some day my prudence should fly away, may it at least
fly together with my madness"
       --Nietzsche

Fingerprint: FBD6 4C36 2557 C64C 1318  70A8 F561 CB6F 4E40 5AFB
http://www.hackarandas.com/apuente_at_hackarandas.com.asc.gz

--
Rodrigo Montoro (Sp0oKeR)
http://www.spooker.com.br
http://www.twitter.com/spookerlabs
http://www.linkedin.com/in/spooker
