Educause Security Discussion mailing list archives

Re: web application scanning

From: Greg Williams <gwillia5 () UCCS EDU>
Date: Tue, 7 Feb 2012 20:09:03 +0000

+1 for W3AF for general web applications and code.  OpenVAS will detect specific application framework issues.  Nessus 
will do the same.

Here is a great article from last August that dives into each Web Application Scanner and its features.  Open Source 
and Commercial  http://sectooladdict.blogspot.com/2011/08/commercial-web-application-scanner.html 

Greg Williams
IT Security Principal
University of Colorado at Colorado Springs
Website: http://www.uccs.edu/itsecure



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael 
Sheinberg
Sent: Tuesday, February 07, 2012 12:45 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] web application scanning

Hello,

Does anyone here have any recommendations for tools (preferably
open-source) that will scan web-servers for vulnerable application frameworks + plug-ins?

Stuff like looking for out-of-date Drupal, Joomla, etc. Obviously I can find some of these tools with Google on my own, 
just curious if anyone has any positive experience with any in particular.

Thanks!
--
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
Michael Sheinberg
Network Security Administrator, CETS

School of Engineering and Applied Science -~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

Current thread:

web application scanning Michael Sheinberg (Feb 07)
- Re: web application scanning Paul Lepkowski (Feb 07)
  - Re: web application scanning Indir Avdagic (Feb 07)
- Re: web application scanning Greg Williams (Feb 07)
- Re: web application scanning randy marchany (Feb 07)
  - Re: web application scanning Chris Green (Feb 08)
- Re: web application scanning Seth Hall (Feb 07)
- Re: web application scanning Seth Hall (Feb 07)
- Re: web application scanning Brian J Smith-Sweeney (Feb 07)
  - Re: web application scanning David Pirolo (Feb 07)