Re: web application scanner question



My Recommendations are

1. w3af - It's absolutely Fun!! 4/5
2. IBM Rational AppScan - False positives, but powerful, thanks to Ory Segal
3/5
3. HP WebInspect - Ok! Gives some rare vulns 2/5
4. N-Stalker - Cool.. Love its detailed compliance specific classifications....
Etc... 4/5
5. eEye Retina - Good.. 2/5

Have Fun..

thanks


On 1/28/10 11:55 AM, "Himanshu Goyal" <idhimanshu@xxxxxxxxx> wrote:

Acunetix and appscan are good tools.

Regards,
Himanshu

On Mon, Jan 11, 2010 at 10:47 PM, Ryan Giobbi <ryan@xxxxxxxxxxxx> wrote:
Hello pen-test readers,

I'm looking for recommendations on an easy-to use web application
scanner. It doesn't need to be free. It can be an application or
server-based. I'd like to avoid appliances.

I need one that can do the below.
* handle form, cookie, HTTP, and NTLM authentication
* provides reporting and logging in a sane format
* easy to configure, launch and run.
* test HTML, HTTP headers, script and very basic SSL problems

I'm not worried about missing critical but hard-to-find
vulnerabilities or issues in various browser plugins. In terms of
accuracy, the tool should catch the most common issues (xss, plain
text credentials, injection, etc) quickly.

Thanks for the opinions!!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Vivek Ponnulliyil
Director Technology, Research & Development [Europe & Asia Pacific Region]

Bel Q UG (haftungsbeschraenkt)
Markt 1, 07958, Hohenleuben, Germany
Phone : +4915120522269, +493662283690


Mobile: Europe:+447550040766
Mobile: India: +919654414992, +919847309545

Official Email: vivek@xxxxxxxxxxx
Personal Email: iamherevivek@xxxxxxxxx
VOIP/ Chat: Skype: iamherevivek


"The information in this e-mail and any attachments is confidential and may
be legally privileged. It is intended solely for the addressee or
addressees. If you are not an intended recipient, please delete the message
and any attachments and notify the sender of mis delivery. Any use or
disclosure of the contents of either is unauthorized and may be unlawful.
All liability for viruses is excluded to the fullest extent permitted by
law."





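The original question asks for a scanner that quickly catches the common, easy-to-find problems: credentials sent in plain text, HTTP header issues, very basic SSL problems. Those are passive checks, run over a captured response rather than by sending attack payloads. As an added example (not code from any of the posters or from any scanner named in the thread), here is a small passive checker in Python's standard library; the page URL, headers and HTML below are constructed sample data, and the check names are made up for this example.

```python
"""Passive checks of the kind an easy-to-use web application scanner runs
over one captured response: plain-text credential forms, weak cookie
flags, and missing security headers. Added example; not code from any
tool named in the thread. The sample response below is constructed."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormScanner(HTMLParser):
    """Collects each <form> action together with whether it holds a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []        # list of [absolute_action, has_password]
        self._open = None      # index of the form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Resolve relative actions against the page URL so the scheme check is meaningful
            action = urljoin(self.page_url, a.get("action") or "")
            self.forms.append([action, False])
            self._open = len(self.forms) - 1
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self.forms[self._open][1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def passive_checks(url, headers, body):
    """Return a list of finding strings for one response.
    headers: list of (name, value) pairs (Set-Cookie may repeat); body: HTML text."""
    findings = []
    scheme = urlsplit(url).scheme.lower()
    lower = {}
    for name, value in headers:
        lower.setdefault(name.lower(), []).append(value)

    # 1. Credentials submitted without TLS: a password field whose form posts to http://
    parser = _FormScanner(url)
    parser.feed(body)
    for action, has_password in parser.forms:
        if has_password and urlsplit(action).scheme.lower() != "https":
            findings.append(f"plaintext-credentials: password form posts to {action}")

    # 2. Cookies set without the protective flags a basic scanner expects
    for cookie in lower.get("set-cookie", []):
        attrs = [p.strip().lower() for p in cookie.split(";")[1:]]
        name = cookie.split("=", 1)[0].strip()
        if "httponly" not in attrs:
            findings.append(f"cookie-no-httponly: {name}")
        if scheme == "https" and "secure" not in attrs:
            findings.append(f"cookie-no-secure: {name}")

    # 3. Missing response headers (HSTS only matters on an HTTPS response)
    if scheme == "https" and "strict-transport-security" not in lower:
        findings.append("missing-header: Strict-Transport-Security")
    for h in ("x-content-type-options", "x-frame-options", "content-security-policy"):
        if h not in lower:
            findings.append(f"missing-header: {h}")

    return findings


# Constructed sample: a login page served over HTTPS whose form posts to plain HTTP.
SAMPLE_URL = "https://app.example.test/login"
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sid=abc123; Path=/"),
    ("Set-Cookie", "lang=en; Path=/; HttpOnly; Secure"),
    ("X-Content-Type-Options", "nosniff"),
]
SAMPLE_BODY = """<html><body>
<form action="http://app.example.test/do_login" method="post">
  <input name="user"><input type="password" name="pass"><input type="submit">
</form>
<form action="/search"><input name="q"></form>
</body></html>"""

if __name__ == "__main__":
    for finding in passive_checks(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

Run against the constructed sample it reports the plain-text login form, the `sid` cookie missing both `HttpOnly` and `Secure`, and the absent HSTS, `X-Frame-Options` and CSP headers; the search form and the `lang` cookie produce nothing. Real scanners layer active tests on top of checks like these, which is where the false positives the replies mention tend to come from.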


