WebApp Sec mailing list archives
Re: Web Application Scanners Comparison
From: "love.wadhwa () naukri com" <love.wadhwa () naukri com>
Date: Wed, 28 Jan 2009 13:03:54 +0530
Hi anantasec,

Probably believe the zipped js files package is corrupt. Please check if that's it or I'm doing it the other way.

On Tue, 2009-01-27 at 19:44 +0530, anantasec wrote:
Hi all,

In the past weeks, I've performed an evaluation/comparison of three popular web vulnerability scanners. This evaluation was ordered by a penetration testing company that will remain anonymous. The vendors were not contacted during or after the evaluation.

The applications (web scanners) included in this evaluation are:
- Acunetix WVS version 6.0 (Build 20081217)
- IBM Rational AppScan version 7.7.620 Service Pack 2
- HP WebInspect version 7.7.869

I've tested 13 web applications (some of them containing a lot of vulnerabilities), 3 demo applications provided by the vendors (testphp.acunetix.com, demo.testfire.net, zero.webappsecurity.com) and I've done some tests to verify Javascript execution capabilities. In total, 16 applications were tested. I've tried to cover all the major platforms, therefore I have applications in PHP, ASP, ASP.NET and Java.

The report can be found at http://drop.io/anantasecfiles/

The full URL to the PDF document:
http://drop.io/download/497f0f4e/c1d8b2966f85fb8549a18cbe2d789224ea665f45/759c3010-ce68-012b-dcee-f407c7ff11c2/9eeb1f00-cea5-012b-aa7b-f219675fa758/report.pdf/report_pdf.pdf

I've included enough information in this report (the javascript files used for testing, exact version and URL for all the tested applications) so anybody with enough patience can verify and reproduce the results presented here. Therefore, I will not respond to emails for vendors. You have the information, fix your scanners!

Best wishes & regards,
anantasec
--
http://anantasec.blogspot.com

-------------------------------------------------------------------------
Sponsored by: Watchfire

Methodologies & Tools for Web Application Security Assessment

With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
--
Warm Regards
Love Wadhwa
RedHat Certified Engg.
Infoedge India Ltd.
Mobile:09818022122