Penetration Testing mailing list archives
RE: web application scanner question
From: Andy Cuff <andy.cuff () securitywizardry com>
Date: Mon, 18 Jan 2010 23:28:27 -0800
Morning,

Our website provides vendor neutral information on 26 different web scanners:
http://www.securitywizardry.com/index.php/products/Scanning-Products/Website-Scanners.html

If it's missing any please add them or let us know. More importantly, please review them and tell the community what you think of the various products.

Regards
Andy Cuff
Technical Director
Computer Network Defence Ltd
Web www.SecurityWizardry.com
email Andy.Cuff () securitywizardry com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Rodrigo Montoro(Sp0oKeR)
Sent: 14 January 2010 02:35
To: Adrian Puente Z.
Cc: Ryan Giobbi; pen-test () securityfocus com
Subject: Re: web application scanner question

Just to complement

N-Stalker is not new (10 years old company)

N-Stalker® was created in April 2000 by information security technology specialists, aiming at providing solutions to protect corporations and individuals against digital threats that affect information systems. Since then, our research & development laboratory has been working non-stop on security researches, producing web attack detection controls for the past years.

http://nstalker.com/about

In the beginning it was released as N-Stealth.

Regards,

On Mon, Jan 11, 2010 at 6:22 PM, Adrian Puente Z. <puenteadrian () gmail com> wrote:

I recommend Acunetix. We have been using those apps for a long time now and it does everything you said you need. It can be kind of aggressive though.

http://www.acunetix.com/

I also recommend NStalker. It's kinda new but it helps to compare the results with the Acunetix.

http://www.nstalker.com/

Greets,

Ryan Giobbi wrote:

Hello pen-test readers,

I'm looking for recommendations on an easy-to-use web application scanner. It doesn't need to be free. It can be an application or server-based. I'd like to avoid appliances. I need one that can do the below.

* handle form, cookie, HTTP, and NTLM authentication
* provides reporting and logging in a sane format
* easy to configure, launch and run.
* test HTML, HTTP headers, script and very basic SSL problems

I'm not worried about missing critical but hard-to-find vulnerabilities or issues in various browser plugins. In terms of accuracy, the tool should catch the most common issues (xss, plain text credentials, injection, etc) quickly.

Thanks for the opinions!!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

--
Adrián Puente Z.
[www.hackarandas.com]
Where ideas scatter into bytes...

"... I beg my pride to always be accompanied by my prudence, and if some day my prudence should take flight, may it at least fly together with my madness"
--Nietzsche

Fingerprint: FBD6 4C36 2557 C64C 1318 70A8 F561 CB6F 4E40 5AFB
http://www.hackarandas.com/apuente_at_hackarandas.com.asc.gz

--
Rodrigo Montoro (Sp0oKeR)
http://www.spooker.com.br
http://www.twitter.com/spookerlabs
http://www.linkedin.com/in/spooker

Current thread:
- web application scanner question Ryan Giobbi (Jan 11)
- Re: web application scanner question bugtraq (Jan 11)
- Re: web application scanner question Adrian Puente Z. (Jan 11)
- Re: web application scanner question Rodrigo Montoro(Sp0oKeR) (Jan 18)
- RE: web application scanner question Andy Cuff (Jan 19)
- Re: web application scanner question Rodrigo Montoro(Sp0oKeR) (Jan 18)
- Re: web application scanner question Ulises2k (Jan 11)
- Re: web application scanner question Husrev (Jan 21)
- Re: web application scanner question Himanshu Goyal (Jan 28)
- Re: web application scanner question Vivek Ponnulliyil (Jan 28)
- Re: web application scanner question SD List (Jan 28)
- Re: web application scanner question Vivek Ponnulliyil (Jan 28)