Penetration Testing mailing list archives
Re: out of box scanner
From: Rob Fuller <jd.mubix () gmail com>
Date: Mon, 30 Nov 2009 15:55:36 -0500
I completely agree with Aleph - Burp is the way to go if you are looking for the best of breed, but for the zero-to-report type scanner, please see the aforementioned list.

--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com

On Mon, Nov 30, 2009 at 3:51 PM, Aleph One <al3ph.one () gmail com> wrote:

If you are looking for only scanners, then maybe the above scanners are in the right league. You can happily ignore the further part of this post.

If you are looking for the best web application tool involving manual and automated techniques, Burp rules the web app pen testing today. Webscarab, Paros and most of the others had many limitations that were overcome by this tool, and it is still improving. You should verify it with other people or pen testers through your first/second degree network to get direct feedback.

These scanners are alright if you have to scan and throw away reports just for the heck of scanning, or are doing it for clients who do not know what pen testing is beyond vulnerability assessment. In order to find out issues technically, such as SQL Injection or say CSRF, these tools may not do so off the track at some parameters that may be outside the scope of the way the scanner is coded. It will just use those filters/checks specifically built inside, unlike a manual technique combined with some automated techniques.

I am not at all related with Burp or any of the guys associated with the tool. Hope my suggestion is taken as neutral.

On Mon, Nov 30, 2009 at 2:33 PM, Rob Fuller <jd.mubix () gmail com> wrote:

I would highly suggest taking a look at the scanner list here:

http://webappsec.pbworks.com/Web-Application-Security-Scanner-List

Seems to be the most comprehensive list... (at least that I've seen)

--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com

On Mon, Nov 30, 2009 at 4:24 AM, Onur YILMAZ <contact () onuryilmaz info> wrote:

You can try Netsparker: http://www.mavitunasecurity.com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of John Bennett
Sent: Wednesday, November 25, 2009 6:16 PM
To: pen-test () securityfocus com
Subject: out of box scanner

I'm currently evaluating some commercial scanners and wanted to get a feel for others' experiences with appscan/cenzic/webinspect.

Any gotchas with any of these products, and can anybody recommend one over the other?

thanks,
John

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

--
4E 6F 6C 69 67 68 74 61 74 74 68 65 65 6E 64 6F 66 74 75 6E 6E 65 6C 79 65 74 21
Current thread:
- Re: out of box scanner Rob Fuller (Dec 01)
- <Possible follow-ups>
- Re: out of box scanner yilmaz . cankaya (Dec 01)
- Re: out of box scanner Nathan Grandbois (Dec 04)