Full Disclosure mailing list archives

RE: Recommendations for Web Application Scanners
From: "Dean" <dispacct () hotmail com>
Date: Mon, 8 Mar 2004 10:04:47 -0000


Thanks to everyone who took the time to reply. I got so many replies I'm afraid I can't thank everyone personally, and I haven't had the time to go through and do a comparison of the software recommended, but as promised, please find a compiled list of what was recommended to me.

Database Scanner by ISS
@stake webproxy --> for manual tries
burp proxy at portswigger.net
Spike by Dave Aitel.
Web hack Control Centre - http://www.ussysadmin.com/modules.php?name=Downloads&d_op=getit&lid=64
wnikto32 (http://exploitlabs.com/files/woods/wnikto32-1.3c.zip)

More people suggested Appscan than any other.

A special thanks goes to Bill Pennington for taking the time to write me a relatively detailed explanation of the shortfalls of automated scanners, even before he had fully absorbed his coffee.

Again, thanks to everyone who took the time, and when I have decided on which best suits our needs, I will let you know.

