Re: web application scanner question

From: Himanshu Goyal <idhimanshu@xxxxxxxxx>
Date: Thu, 28 Jan 2010 11:55:09 +0530

Acunetix and appscan are good tools.

Regards,
Himanshu

On Mon, Jan 11, 2010 at 10:47 PM, Ryan Giobbi <ryan@xxxxxxxxxxxx> wrote:

Hello pen-test readers,

I'm looking for recommendations on an easy-to use web application
scanner. It doesn't need to be free. It can be an application or
server-based. I'd like to avoid appliances.

I need one that can do the below.
* handle form, cookie, HTTP, and NTLM authentication
* provides reporting and logging in a sane format
* easy to configure, launch and run.
* test HTML, HTTP headers, script and very basic SSL problems

I'm not worried about missing critical but hard-to-find
vulnerabilities or issues in various browser plugins. In terms of
accuracy, the tool should catch the most common issues (xss, plain
text credentials, injection, etc) quickly.

Thanks for the opinions!!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Follow-Ups:
- Re: web application scanner question
  - From: Vivek Ponnulliyil

References:
- web application scanner question
  - From: Ryan Giobbi

Prev by Date: Re: Flash Web Application
Next by Date: Re: Flash Web Application
Previous by thread: Re: web application scanner question
Next by thread: Re: web application scanner question
Index(es):
- Date
- Thread

Relevant Pages

Re: backtrack tutorial ?
... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
(Pen-Test)
Re: OSCP ?
... I like to say that the OSCP training is like a set of carpenter tools. ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
(Pen-Test)
Re: OSCP ?
... Also IMHO if they exam was like the material then where is the challenge? ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
(Pen-Test)
Re: CEPT
... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
(Pen-Test)
Re: compiling exploit code
... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
(Pen-Test)