Penetration Testing mailing list archives
Re: Opinions on Burp Suite Web App Scanner
From: Meenal Mukadam <meenal.mukadam () gmail com>
Date: Tue, 18 Oct 2011 23:15:57 -0600
Dear Jon, Webscarab was my #1 but after using Burp I had to hand over the #1 title to Burp Suite. Many 'on-the-fly' options for testing makes it a pentesters best friend. You can also refer to this article if you want more information about different scanners and their accuracy: http://ha.ckers.org/blog/20100203/accuracy-and-time-costs-of-web-application-security-scanner-report/ Regards, Meenal Mukadam On Wed, Oct 12, 2011 at 10:41 AM, Ben de Bont <bendebont () gmail com> wrote:
BurpSuite is my pen-test teams tool of choice. The spider and scanner are great, and it has a lot of other functionality that is very useful. It is also cheap - get it. - Ben de Bont -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Derrenbacker, L. Jonathan Sent: Wednesday, October 12, 2011 8:31 AM To: pen-test () securityfocus com Subject: Opinions on Burp Suite Web App Scanner I have budget for a web app vulnerability scanner, and I was wondering if anyone has opinions on the professional version Burp Suite with the scanner option. Is the scanner any good? Accurate? This is the website if anyone doesn't know what it is: http://portswigger.net/burp/scanner.html Thanks, Jon ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Nmap, (continued)
- Re: Nmap Marco Ivaldi (Oct 03)
- Re: Nmap Tim Gonzales (Oct 01)
- Re: Nmap Jerry (Oct 01)
- Re: Nmap Jeffory Atkinson (Oct 01)
- Re: Nmap John M. Martinelli (Oct 03)
- Opinions on Burp Suite Web App Scanner Derrenbacker, L. Jonathan (Oct 12)
- Re: Opinions on Burp Suite Web App Scanner pand0ra (Oct 12)
- Re: Opinions on Burp Suite Web App Scanner Fabio Cerullo (Oct 12)
- Re: Opinions on Burp Suite Web App Scanner Matt Gardenghi (Oct 12)
- RE: Opinions on Burp Suite Web App Scanner Ben de Bont (Oct 12)
- Re: Opinions on Burp Suite Web App Scanner Meenal Mukadam (Oct 19)
- Re: Opinions on Burp Suite Web App Scanner Yiannis Koukouras (Oct 21)
- Re: Nmap John M. Martinelli (Oct 03)
- Re: Opinions on Burp Suite Web App Scanner Robin Wood (Oct 12)