Penetration Testing mailing list archives

Re: Opinions of automated testers

From: Joey Peloquin <joeyp () cotse net>
Date: Thu, 10 May 2007 08:53:43 -0500

Benny Tsai wrote:

Another option is setting up WebGoat as a pen-test playground:

http://www.owasp.org/index.php/OWASP_WebGoat_Project

-Benny

Webgoat is absolutely terrible for evaluating automated scanners.  It's
intended as a training tool, not an evaluation platform (for now, at least).
 If you rely on it alone, you won't be happy with any scanner on the market.

Other than SPI and Cenzic's test sites, I'd take the advice of our other
peers that have recommended the Hacme* line of test apps.  If you're savvy,
you could also try to get your own running with the OWASP SiteGenerator
[http://www.owasp.org/index.php/Owasp_SiteGenerator].

Good luck!
 -jp

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Current thread:

Opinions of automated testers zackpeters75 (May 07)
- RE: Opinions of automated testers Erin Carroll (May 07)
  - RE: Opinions of automated testers M. Groen (May 09)
    - RE: Opinions of automated testers Erin Carroll (May 09)
    - Re: Opinions of automated testers Joern Ahrens (May 10)
    - RE: Opinions of automated testers John Reno (May 09)
    - Re: Opinions of automated testers Lee Lawson (May 10)
    - RE: Opinions of automated testers Kevin Reiter (May 09)
    - Re: Opinions of automated testers Benny Tsai (May 09)
    - Re: Opinions of automated testers Joey Peloquin (May 10)
    - RE: Opinions of automated testers Vishal Garg (May 10)
    - Re: Opinions of automated testers rajat swarup (May 15)
- Re: Opinions of automated testers Dotzero (May 08)
  - Re: Opinions of automated testers Lee Lawson (May 08)