Educause Security Discussion mailing list archives

Re: Experiences with Web application vulnerability assessment (1) software (2) companies


From: "Hull, Dave" <dphull () KU EDU>
Date: Wed, 27 Feb 2008 15:47:03 -0600

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Randy Marchany
Sent: Wednesday, February 27, 2008 3:10 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Experiences with Web application vulnerability
assessment (1) software (2) companies

We use:

1. Acunetix - commercial www vulnerability scanner
2. Core Impact - commercial pen test tool
3. Webscarab - freeware www testing tool
4. Paros - freeware www vulnerability scanner with injection testing

Each one reports slightly different info but the reports in combination
with a good security team analysis should help discover most www app
problems.

        -Randy Marchany
        VA Tech IT Security Office & Lab

--- End ---

I have also used Webscarab (available at OWASP) and Paros. Both are web
proxy applications with some overlapping functionality and some unique
capabilities. These are invaluable tools for web app testing.

-- 
Dave
