Re: Pointers to Free Web Vulnerability Scanners for Blackbox testing

["Thiago Zaninotti" <thiago () zaninotti net>]

 Hi Rajiv,

You may also try out N-Stalker Free Edition (Free Web Vulnerability scanner):
http://www.nstalker.com/free-edition

Rgds,
Thiago


>  On 12/11/07, Lee Lawson <leejlawson () gmail com> wrote:
> >  I would start by reading the OWASP (Open Web Application Security
> > Project) Top Ten web application vulnerabilities, it can be found
> > here:
> > http://www.owasp.org/index.php/Top_10_2007
> >
> > I have written some papers about the top ten which can be found here:
> > http://www.dns.co.uk/advisorycentre/whitepapers/
> >
> > This will give you a good grounding in the most common errors.  Then
> > you can start finding them.
> >
> > Are you after open source black box web app scanners?  Something you
> > need to understand is the difference between the server and the
> > application.
> >
> > Server:
> > Nikto
> > Wikto (which contains Nikto and runs on Windows)
> >
> > Application:
> > WebInspect (SPI Dynamics - now HP) - commercial - expensive but one of
> > the better scanners.
> > AppScan (Watchfire - Now IBM) - commercial - expensive but one of the
> > better scanners.
> >
> > As for open source tools, you will not go far wrong with WebScarab
> > (http://www.owasp.org/index.php/Category:OWASP_Project).
> >
> > later,
> >
> >
> > On 7 Dec 2007 03:22:07 -0000, < rajivvishwa () gmail com> wrote:
> > > Hi Guys,
> > >
> > >
> > > I've been assigned to a project in which i'm asked to get a report on vulnerabilities present in a website hosted 
> > > by my client. I'm new to blackbox testing on web applications. The duration of the project is  1.5 months. Can 
> > > anyone comment on the following points
> > >
> > > 1. What are the important things to remember while doing blackbox web app testing?
> > >
> > > 2. Suggest some best free tools which are available to perform the test?
> > >
> > > 3. Where do i find the recommendation in case the tools reports various vulns in the site?
> > >
> > > 4. What is the traffic generated on the site due to the test?
> > >
> > >
> > > Any suggestions would be appreciated.
> > >
> > >
> > > Regards,
> > >
> > > Rajiv,
> > >
> > > Security Team
> > >
> > > ------------------------------------------------------------------------
> > > This list is sponsored by: Cenzic
> >  >
> > > Need to secure your web apps NOW?
> > > Cenzic finds more, "real" vulnerabilities fast.
> > > Click to try it, buy it or download a solution FREE today!
> > >
> > >  http://www.cenzic.com/downloads
> > > ------------------------------------------------------------------------
> >
> >
> >
> > --
> > Lee J Lawson
> > leejlawson () gmail com
> >
> > "Give a man a fire, and he'll be warm for a day; set a man on fire,
> > and he'll be warm for the rest of his life."
> >
> > "Quidquid latine dictum sit, altum sonatur."
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution FREE today!
> >
> >  http://www.cenzic.com/downloads
> > ------------------------------------------------------------------------
>
>
>
> --
> Thiago Zaninotti,Security+,CISSP-ISSAP,CISM
> Info Security Professional



-- 
Thiago Zaninotti,Security+,CISSP-ISSAP,CISM
Info Security Professional

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------