WebApp Sec mailing list archives

Re: Recommendation for web app scanner


From: Eric Marden <security () xentek net>
Date: Tue, 26 May 2009 07:23:31 -0400

I assume you're already using the free tools, like those contained on the AppSecLive.org live CD?


Eric Marden
xentek: enlightened internet solutions
http://xentek.net/

On May 22, 2009, at 4:05 PM, Randal T. Rioux wrote:

Watchfire (AppScan) was great until IBM bought them (the Symantec syndrome...). WebInspect was great until HP bought them (HP just sucks all around). It's a tough market for management-friendly, report-generating Web app scanners.

NIST keeps a nice list:

http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html

I tested Hailstorm once; it didn't perform as well as I hoped for the asking price. Good luck!

Randy

I need a new web app scanner with features similar to Acunetix for
around the same price.

We've been using Acunetix for a few years, but they won't return my
calls (is 3 enough?) to renew, so I'm moving on.

I'm not experienced enough to do my own assessment by hand.

I can't afford web app services like White Hat.

Any help would be appreciated.







