Penetration Testing mailing list archives

Re: web application scanner question


From: "SD List" <list () security-database com>
Date: Thu, 28 Jan 2010 21:41:30 +0100 (CET)

Hi there,

See this document; you'll find many tools that can help you to achieve
your tasks.

http://www.security-database.com/toolswatch/Security-Database-Best-IT-Security.html

Kind Regards

N.OUCHN
Founder Security-Database


My recommendations are

1. w3af - It's absolutely Fun!! 4/5
2. IBM Rational AppScan - False positives, but powerful, thanx to orey Segal 3/5
3. HP Web Inspect - Ok! Gives some rare vulns 2/5
4. N Stalker - Cool.. Luv it detailed compliance specific classifications... Etc... 4/5
4. Retina eEye - Good.. 2/5

Have Fun..

thnx


On 1/28/10 11:55 AM, "Himanshu Goyal" <idhimanshu () gmail com> wrote:

Acunetix and appscan are good tools.

Regards,
Himanshu

On Mon, Jan 11, 2010 at 10:47 PM, Ryan Giobbi <ryan () tgbemail com> wrote:
Hello pen-test readers,

I'm looking for recommendations on an easy-to-use web application
scanner. It doesn't need to be free. It can be an application or
server-based. I'd like to avoid appliances.

I need one that can do the below.
* handle form, cookie, HTTP, and NTLM authentication
* provides reporting and logging in a sane format
* easy to configure, launch and run.
* test HTML, HTTP headers, script and very basic SSL problems

I'm not worried about missing critical but hard-to-find
vulnerabilities or issues in various browser plugins. In terms of
accuracy, the tool should catch the most common issues (xss, plain
text credentials, injection, etc) quickly.

Thanks for the opinions!!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------






Vivek Ponnulliyil
Director Technology, Research & Development [Europe & Asia Pacific Region]

Bel Q UG (haftungsbeschraenkt)
Markt 1, 07958, Hohenleuben, Germany
Phone : +4915120522269, +493662283690


Mobile: Europe:+447550040766
Mobile: India: +919654414992, +919847309545

Official Email: vivek () belqinc com
Personal Email: iamherevivek () gmail com
VOIP/ Chat: Skype: iamherevivek


"The information in this e-mail and any attachments is confidential and
may be legally privileged. It is intended solely for the addressee or
addressees. If you are not an intended recipient, please delete the
message and any attachments and notify the sender of misdelivery. Any use
or disclosure of the contents of either is unauthorized and may be unlawful.
All liability for viruses is excluded to the fullest extent permitted by
law."






