Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: Opinions of automated testers
From: Joey Peloquin <joeyp () cotse net>
Date: Thu, 10 May 2007 08:53:43 -0500
Benny Tsai wrote:

Another option is setting up WebGoat as a pen-test playground:

http://www.owasp.org/index.php/OWASP_WebGoat_Project

-Benny

Webgoat is absolutely terrible for evaluating automated scanners.  It's
intended as a training tool, not an evaluation platform (for now, at least).
 If you rely on it alone, you won't be happy with any scanner on the market.

Other than SPI and Cenzic's test sites, I'd take the advice of our other
peers that have recommended the Hacme* line of test apps.  If you're savvy,
you could also try to get your own running with the OWASP SiteGenerator
[http://www.owasp.org/index.php/Owasp_SiteGenerator].

Good luck!
 -jp

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]