Penetration Testing mailing list archives
Re: OWASP Top 10 penetration testing software?
From: David Mirza <dma () subgraph com>
Date: Tue, 28 Feb 2012 15:50:24 -0500
On 02/28/2012 02:35 PM, webcat wrote:
> Hi, for one of my websites, I have been required to use a web application scanner that tests against the OWASP Top Ten threats. I'm looking for a scanner that does this that is inexpensive or free. Possible scanners I've found for this include the OWASP Zed Attack Proxy Project, Sonar, and w3af, but none of these explicitly tests against the OWASP Top Ten threats (at least not that I can tell). Does anyone know of a scanner that does test against the OWASP Top Ten threats? Thank you!
We have written a web scanner and intercepting proxy called Vega; it's in beta. It's free and open source, you should check it out.

It's really not possible for one magic automated tool to check for all of the OWASP Top 10 issues (#3, #7..). For comprehensive coverage, you will need to take a hybrid automated/manual approach.

We're working on a new release and looking for feedback, so I recommend you grab the develop branch from GitHub (for now) to see some of the newest features. We'll put up a proper build soon.

Download the beta build: http://www.subgraph.com
Source: http://github.com/subgraph/Vega
Detailed write-up in February's (IN)Secure magazine: http://www.net-security.org/dl/insecure/INSECURE-Mag-33.pdf

In the case of Windows, if you (or anyone) ping me directly with your platform details I can give you a build.

--
David Mirza Ahmad <dma () subgraph com> | @attractr
Subgraph | @subgraph
Vega, the Open Source Web Security Platform
http://www.subgraph.com
E73B E35A 0D3A FC28 E5A9 5266 21EB 2FBC 1C84 0AA5