Penetration Testing mailing list archives
Re: Opinions on Burp Suite Web App Scanner
From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Fri, 21 Oct 2011 16:24:20 +0300
I second Fabio... If you want to verify your web app is secure, then get a pentester to do the job. Burp is meant to be a helping hand to the pentester, not an assurance tool.

BR,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras

On Wed, Oct 19, 2011 at 8:15 AM, Meenal Mukadam <meenal.mukadam () gmail com> wrote:
Dear Jon,

Webscarab was my #1 but after using Burp I had to hand over the #1 title to Burp Suite. Many 'on-the-fly' options for testing make it a pentester's best friend.

You can also refer to this article if you want more information about different scanners and their accuracy:
http://ha.ckers.org/blog/20100203/accuracy-and-time-costs-of-web-application-security-scanner-report/

Regards,
Meenal Mukadam

On Wed, Oct 12, 2011 at 10:41 AM, Ben de Bont <bendebont () gmail com> wrote:

BurpSuite is my pen-test team's tool of choice. The spider and scanner are great, and it has a lot of other functionality that is very useful. It is also cheap - get it.

- Ben de Bont

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Derrenbacker, L. Jonathan
Sent: Wednesday, October 12, 2011 8:31 AM
To: pen-test () securityfocus com
Subject: Opinions on Burp Suite Web App Scanner

I have budget for a web app vulnerability scanner, and I was wondering if anyone has opinions on the professional version Burp Suite with the scanner option. Is the scanner any good? Accurate?

This is the website if anyone doesn't know what it is:
http://portswigger.net/burp/scanner.html

Thanks,
Jon

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test.
IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------