Penetration Testing mailing list archives
Re: Spi's products worth a try? Or any suggestions for developers' tool?
From: Cory Stoker <cory () clearnetsec com>
Date: Mon, 7 Nov 2005 12:56:11 -0700
I have used SPI Web inspect and it is a pretty good tool. It is not a run and forget tool but it is valuable in a web assessment. Mostly it is a time saver as it does many tests automatically so you do not have to write scripts for the repetitive tasks. One thing that rocks is the SPI toolkit option for Web Inspect as it is a framework for manual testing that is pretty comprehensive. However the licensing scheme for Web Inspect is very restrictive and expensive for a tool of this nature IMHO. For example the cheaper licenses restrict you to a single IP but the site wide license is very pricey. Also if your site utilizes Javascript heavily, SPI will have a tougher time crawling your site and analyzing it. If a site has Javascript you would manually crawl the site first then analyze the pages crawled.
--- Cory Stoker ClearNet Security On Nov 3, 2005, at 11:55 PM, Aman Raheja wrote:
HelloAnyone has any experience with Spi's tools for web application vulnerability scanning?http://www.spidynamics.com/products/index.htmlI need to suggest developers' tool so that they can self assess their application and reduce the overhead of the testing team.Any advice? Thanks in advance. Regards Aman Raheja http://www.techquotes.com---------------------------------------------------------------------- --------Audit your website security with Acunetix Web Vulnerability Scanner:Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:http://www.securityfocus.com/sponsor/pen-test_050831---------------------------------------------------------------------- ---------
------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Spi's products worth a try? Or any suggestions for developers' tool? Aman Raheja (Nov 04)
- Re: Spi's products worth a try? Or any suggestions for developers' tool? Peter Wood (Nov 05)
- Re: Spi's products worth a try? Or any suggestions for developers' tool? Cory Stoker (Nov 07)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Mike Pearson (Nov 08)
- Re: Spi's products worth a try? Or any suggestions for developers' tool? caseytay (Nov 08)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Thomas Ryan (Nov 09)
- <Possible follow-ups>
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Evans, Arian (Nov 05)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Mike Pearson (Nov 06)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Rui Pereira (WCG) (Nov 06)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Evans, Arian (Nov 07)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Ory Segal (Nov 10)