WebApp Sec mailing list archives
RE: FW: Tools comparison and evaluation question (AppScan)
From: "Joe White" <joe () navio com>
Date: Fri, 17 Feb 2006 15:35:52 -0800
Serg, Here is a one stop shop for all of your layer 1-4 pen test needs. Layers 5-7 are still somewhat of a topic of contention :-) http://www.remote-exploit.org/index.php/BackTrack BackTrack is a bootable Linux CD solution that describes itself as the next iteration of the Auditor bundle. Just grab the ISO image and burn to a CD locally. I ultimately installed this distribution to the hard drive on a dedicated system and have been very impressed with the bundle as a whole. Also, if you poke around the site a bit, there is some decent docs on ramping up on the bundled tools if you are not that familiar with them already. Disclaimer: I am in no way related/connected to the Backtrack or Auditor distributions. However, I have used them both and share this information here from the perspective of a satisfied user and not necessarily a promoter or advocate of the tools mentioned. Hope this helps, Joe <<<>>> -----Original Message----- From: Serg B. [mailto:serg.belokamen () gmail com] Sent: Friday, February 17, 2006 7:45 AM To: webappsec () securityfocus com Subject: Re: FW: Tools comparison and evaluation question (AppScan) Just to direct the topic a little bit: Can anyone also recomed some good general pen-testing tools? So something that is not specific to web application testing. Doesn't have to be open source. Something a long the lines of Nessus. Thanks, Serg
Hi All, I am currently looking at using/evaluating a tool called AppScan (by watchfire.com). So the question is in two parts and ASAP reply would be greatly appreciated. First: Without starting a flame war (hopefully) or marketing campaign
(another
hopefully) can any one tell me abut their experience with the
software,
what you find useful about it, what not, any annoyances, missing functionality, etc. Second: Can anyone recommend any simular type of software, preferably open source (although not at all essential), and describe its performance, usability and "usefulness" so to speak using AppScan as a reference point. Thanks, Serg
------------------------------------------------------------------------
- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gR
l
------------------------------------------------------------------------
--
------------------------------------------------------------------------ -
This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gR l
------------------------------------------------------------------------ --
------------------------------------------------------------------------ - This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gR l ------------------------------------------------------------------------ -- ------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- RE: Tools comparison and evaluation question (AppScan), (continued)
- RE: Tools comparison and evaluation question (AppScan) Rui Pereira (WCG) (Feb 17)
- Re: FW: Tools comparison and evaluation question (AppScan) Xyberpix (Feb 17)
- Re: FW: Tools comparison and evaluation question (AppScan) Peter Wood (Feb 17)
- RE: FW: Tools comparison and evaluation question (AppScan) David Munge (Feb 17)
- Re: FW: Tools comparison and evaluation question (AppScan) Peter Wood (Feb 17)
- RE: Tools comparison and evaluation question (AppScan) Xyberpix (Feb 17)
- RE: Tools comparison and evaluation question (AppScan) King, Stuart (REHQ-LON) (Feb 17)
- RE: Tools comparison and evaluation question (AppScan) Talwar, Mansi (Feb 17)
- RE: FW: Tools comparison and evaluation question (AppScan) Brokken, Allen P. (Feb 17)
- RE: FW: Tools comparison and evaluation question (AppScan) Erwin Geirnaert (Feb 17)
- RE: (OWASP Web App Tool Project) Tools comparison and evaluation question (AppScan) arian.evans (Feb 18)
- RE: FW: Tools comparison and evaluation question (AppScan) Joe White (Feb 17)
- RE: FW: Tools comparison and evaluation question (AppScan) arian.evans (Feb 18)
- Re: Tools comparison and evaluation question (AppScan) Tommy (Feb 19)
- RE: FW: Tools comparison and evaluation question (AppScan) arian.evans (Feb 18)
- Re: RE: Tools comparison and evaluation question (AppScan) mr . dan . friedman (Feb 19)
- RE: RE: Tools comparison and evaluation question (AppScan) Gavin, Michael (Feb 19)
- Re: RE: RE: Tools comparison and evaluation question (AppScan) david_allouch (Mar 22)