Penetration Testing mailing list archives
Re: Pen testing web servers
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Sat, 20 Dec 2008 21:54:48 -0500
Well, in my experience NTO is far more accurate (fewer false positives and negatives). It's also not a pain in the ass to purchase. In the end, though, an automated scanner is just a basic tool to help the tester. If the tester is a bonehead, then the report will be useless. :)
On Dec 20, 2008, at 1:04 AM, Erin Carroll wrote:
On the commercial side, what does NTOspider offer or do better than an Appscan or WebInspect? I haven't had any hands-on time with NTOspider so am curious.

--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"I cannot brain today, I have the dumb"

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adriel T. Desautels
Sent: Friday, December 19, 2008 7:08 PM
To: Kevin P Biggs
Cc: pen-test () securityfocus com
Subject: Re: Pen testing web servers

So you probably want a free one tool. If I were you I'd check out Burp Suite. It can help you assess the security of your application at a very deep level if you know what you are doing. If you want to pay for something like a scanner, well I can't really recommend one. I have yet to find one that I'm at all impressed by aside from *maybe* NTOspider... but I'm still on the fence there...

On Dec 19, 2008, at 9:35 PM, Kevin P Biggs wrote:

It's for pentesting my own web server that I will be running WordPress, some forum software, and other things on ...

Adriel T. Desautels wrote:

Kevin, Are you looking to pentest your own web application or someone else's? It's an important question because the answer will determine the tool.

On Dec 19, 2008, at 6:10 PM, Kevin P Biggs wrote:

What does everyone consider the best pen tool for testing web servers? I have tried Nessus. What tool(s) do you recommend?

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

Adriel T. Desautels
ad_lists () netragard com
Current thread:
- Pen testing web servers Kevin P Biggs (Dec 19)
- RE: Pen testing web servers John Babio (Dec 19)
- Re: Pen testing web servers Micah Lee (Dec 19)
- Re: Pen testing web servers Adriel T. Desautels (Dec 19)
- Re: Pen testing web servers Kevin P Biggs (Dec 19)
- Re: Pen testing web servers Adriel T. Desautels (Dec 19)
- RE: Pen testing web servers Erin Carroll (Dec 19)
- Re: Pen testing web servers Adriel T. Desautels (Dec 20)
- Re: Pen testing web servers Kevin P Biggs (Dec 19)
- RE: [Dailydave] Pen testing web servers Brett Moore (Dec 20)
- RE: Pen testing web servers Shenk, Jerry A (Dec 23)
- <Possible follow-ups>
- Re: Pen testing web servers infolookup (Dec 19)