Re: Application Security Scanning

[Andrew Simmons <asimmons () messagelabs com>]

hi Adam,


adam.hirsch () drkw com wrote:

> I was hoping to see if anyone has heard of an application security scanner 
> that scan scan non-web based applications. So far, the only automated tools 
> that I have been able to find are source code security scanners. Has anyone 
> heard of an application that can scan non-web based apps?
>  


As far as I know, only scanners that are specifically intended for web
apps (such as Nitko) don't work against 'non-web' apps. Certainly
Nessus, Retina, Nmap et al all work fine against non-web apps, as long
as they have a network interface.

I'm a bit puzzled by the question, actually. By "non-web" do you mean
"not using HTTP over port 80/443"? Or "apps that don't use the network"?


cheers

\a

--
Andrew Simmons
Technical Security Consultant
MessageLabs - Be certain


--
Andrew Simmons
Technical Security Consultant
MessageLabs

Mobile: +44 (7917) 178745
asimmons () messagelabs com
 www.messagelabs.com

MessageLabs - Be certain

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------