Re: web application scanner question
- From: Vivek Ponnulliyil <iamherevivek@xxxxxxxxx>
- Date: Thu, 28 Jan 2010 22:37:52 +0530
My recommendations are:
1. w3af - It's absolutely fun!! 4/5
2. IBM Rational AppScan - False positives, but powerful, thanks to Ory Segal. 3/5
3. HP WebInspect - OK! Gives some rare vulns. 2/5
4. N-Stalker - Cool.. Love its detailed compliance-specific classifications, etc. 4/5
5. Retina (eEye) - Good.. 2/5
Have fun..
Thanks
On 1/28/10 11:55 AM, "Himanshu Goyal" <idhimanshu@xxxxxxxxx> wrote:
Acunetix and AppScan are good tools.
Regards,
Himanshu
On Mon, Jan 11, 2010 at 10:47 PM, Ryan Giobbi <ryan@xxxxxxxxxxxx> wrote:
Hello pen-test readers,
I'm looking for recommendations on an easy-to-use web application
scanner. It doesn't need to be free. It can be an application or
server-based. I'd like to avoid appliances.
I need one that can do the following:
* handle form, cookie, HTTP, and NTLM authentication
* provides reporting and logging in a sane format
* easy to configure, launch and run.
* test HTML, HTTP headers, script and very basic SSL problems
I'm not worried about missing critical but hard-to-find
vulnerabilities or issues in various browser plugins. In terms of
accuracy, the tool should catch the most common issues (XSS, plain
text credentials, injection, etc.) quickly.
Thanks for the opinions!!
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Vivek Ponnulliyil
Director Technology, Research & Development [Europe & Asia Pacific Region]
Bel Q UG (haftungsbeschraenkt)
Markt 1, 07958, Hohenleuben, Germany
Phone : +4915120522269, +493662283690
Mobile: Europe:+447550040766
Mobile: India: +919654414992, +919847309545
Official Email: vivek@xxxxxxxxxxx
Personal Email: iamherevivek@xxxxxxxxx
VOIP/ Chat: Skype: iamherevivek
"The information in this e-mail and any attachments is confidential and may
be legally privileged. It is intended solely for the addressee or
addressees. If you are not an intended recipient, please delete the message
and any attachments and notify the sender of mis-delivery. Any use or
disclosure of the contents of either is unauthorized and may be unlawful.
All liability for viruses is excluded to the fullest extent permitted by
law."