Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Opinions of automated testers
From: Joey Peloquin <joeyp () cotse net>
Date: Thu, 10 May 2007 08:53:43 -0500

Benny Tsai wrote:
Another option is setting up WebGoat as a pen-test playground:


Webgoat is absolutely terrible for evaluating automated scanners.  It's
intended as a training tool, not an evaluation platform (for now, at least).
 If you rely on it alone, you won't be happy with any scanner on the market.

Other than SPI and Cenzic's test sites, I'd take the advice of our other
peers that have recommended the Hacme* line of test apps.  If you're savvy,
you could also try to get your own running with the OWASP SiteGenerator

Good luck!

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]