Penetration Testing mailing list archives

Re: Web Vulnerability Scanner


From: Erin Carroll <amoeba () amoebazone com>
Date: Thu, 12 Oct 2006 21:48:38 +0000 (UTC)


Tareq,

There are many web-app scanners out there, both commercial and OSS. You probably want to pose this question on the webappsec@securityfocus mailing list, but I let this post through to the list because list members are always proposing new tools or utilities that I can grab to play with.

Some of the more useful ones to me in pen-testing are Nikto, Suru, Wikto[1], or burpsuite on the OSS front and WebInspect or AppScan on the commercial tool end.

Depending on the codebase and specifics of the webapp you are testing there are a plethora of situation-specific tools out there; from .asp to SQL, to java etc.


[1] Yes, I know these 3 are pretty much similar and that Suru has superseded Nikto, but each of them has specific usage cases or things they do just a slight bit better than the others.


--
Erin Carroll
Moderator - SecurityFocus pen-test list


On Thu, 12 Oct 2006, Tareq AlKhatib wrote:

Hey all,

I have been asked to look for a good web vulnerability scanner. I
already have Nikto and Nessus (free version) in my toolkit. Can anyone
recommend a good web scanner?

Yours truly,

Tareq M. AlKhatib

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
