Penetration Testing mailing list archives

Re: web application scanner question


From: bugtraq () cgisecurity net
Date: Mon, 11 Jan 2010 16:24:46 -0500 (EST)

Hello Ryan,

A list of scanners can be found linked off of the WASSEC project 
(http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria)
at http://projects.webappsec.org/Web-Application-Security-Scanner-List .

It is fair to say most commercial tools support MOST of what you want excluding maybe the SSL aspect. 

Regards,
- Robert
http://www.webappsec.org/
http://www.cgisecurity.com/
http://www.qasec.com/



Hello pen-test readers,

I'm looking for recommendations on an easy-to-use web application
scanner. It doesn't need to be free. It can be an application or
server-based. I'd like to avoid appliances.

I need one that can do the below.
* handle form, cookie, HTTP, and NTLM authentication
* provides reporting and logging in a sane format
* easy to configure, launch and run.
* test HTML, HTTP headers, script and very basic SSL problems

I'm not worried about missing critical but hard-to-find
vulnerabilities or issues in various browser plugins. In terms of
accuracy, the tool should catch the most common issues (xss, plain
text credentials, injection, etc) quickly.

Thanks for the opinions!!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


