Educause Security Discussion mailing list archives

Re: Experiences with Web application vulnerability assessment (1) software (2) companies

From: "Petreski, Samuel" <samuel-petreski () UIOWA EDU>
Date: Wed, 27 Feb 2008 17:42:12 -0600

We also use Acunetix as our primary web vulnerability scanning tool and if
you compare it with other commercial products, it seems to be have very
decent results for a very competitive price.

--Samuel

Samuel Petreski
Sr. Security Analyst
CIO Office
University of Iowa


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Randy Marchany
Sent: Wednesday, February 27, 2008 3:10 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Experiences with Web application vulnerability
assessment (1) software (2) companies

We use:

1. Accunetix - commercial www vulnerability scanner
2. Core Impact - commercial pen test tool
3. Webscarab - freeware www testing tool
4. Paros - freeware www vulnerability scanner with injection testing

Each one reports slight different info but the reports in combination with a
good security team analysis should help discover most www app problems.

        -Randy Marchany
        VA Tech IT Security Office & Lab

Attachment: smime.p7s
Description:

Current thread:

Experiences with Web application vulnerability assessment (1) software (2) companies Morrow Long (Feb 27)
- <Possible follow-ups>
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Gary Dobbins (Feb 27)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Johnson, Kevin (Feb 27)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Roger Safian (Feb 27)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Hull, Dave (Feb 27)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Randy Marchany (Feb 27)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Hull, Dave (Feb 27)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Halliday,Paul (Feb 27)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Petreski, Samuel (Feb 27)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Alex (Feb 27)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies curtw () siu edu (Feb 27)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Darwin Macatiag (Feb 28)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Alex (Feb 28)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Bob Doyle (Feb 29)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Darwin Macatiag (Feb 29)
- Re: Experiences with Web application vulnerability assessment (1) software (2) companies Jon Hanny (Mar 03)