Penetration Testing mailing list archives

RE: Pen testing web servers

From: "Erin Carroll" <amoeba () amoebazone com>
Date: Fri, 19 Dec 2008 22:04:19 -0800

On the commercial side, what does NTOspider offer or do better than an
Appscan or WebInspect? I haven't had any hands-on time with NTOspider so am
curious.

--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"I cannot brain today, I have the dumb"

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Adriel T. Desautels
Sent: Friday, December 19, 2008 7:08 PM
To: Kevin P Biggs
Cc: pen-test () securityfocus com
Subject: Re: Pen testing web servers

So you probably want a free one tool.

if I were you I'd check out burp suite. It can help you assess the
security of your application at a very deep level if you know what you
are doing. If you want to pay for something like a scanner, well I
can't really recommend one. I have yet to find one that I'm at all
impressed by aside from *maybe* NTOspider... but I'm still on the
fence there...

On Dec 19, 2008, at 9:35 PM, Kevin P Biggs wrote:

Its for pentesting my own web server that I will be running
wordpress, some forum software, and other things on ...
Adriel T. Desautels wrote:

Kevin,
   Are you looking to pentest your own web application or someone
else's? Its an important question because the answer will determine
the tool.


On Dec 19, 2008, at 6:10 PM, Kevin P Biggs wrote:

What does everyone consider the best pen tool for testing web
servers?
I have tried Nessus.
What tool(s) do you recommend?

-------------------------------------------------------------------

-----

This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
-------------------------------------------------------------------

-----


Adriel T. Desautels
ad_lists () netragard com


Adriel T. Desautels
ad_lists () netragard com




-----------------------------------------------------------------------
-
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
-----------------------------------------------------------------------
-



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

Current thread:

Pen testing web servers Kevin P Biggs (Dec 19)
- RE: Pen testing web servers John Babio (Dec 19)
- Re: Pen testing web servers Micah Lee (Dec 19)
- Re: Pen testing web servers Adriel T. Desautels (Dec 19)
  - Re: Pen testing web servers Kevin P Biggs (Dec 19)
    - Re: Pen testing web servers Adriel T. Desautels (Dec 19)
    - RE: Pen testing web servers Erin Carroll (Dec 19)
    - Re: Pen testing web servers Adriel T. Desautels (Dec 20)
- Re: Pen testing web servers Ulises2k (Dec 19)
- Re: Pen testing web servers A Dbest (Dec 19)
- Re: Pen testing web servers Michal Lovas (Dec 19)
- Re: Pen testing web servers Dave Aitel (Dec 20)
  - RE: [Dailydave] Pen testing web servers Brett Moore (Dec 20)
  - RE: Pen testing web servers Shenk, Jerry A (Dec 23)
- <Possible follow-ups>
- Re: Pen testing web servers infolookup (Dec 19)