Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Pen testing web servers
From: "Micah Lee" <micahflee () gmail com>
Date: Fri, 19 Dec 2008 19:22:16 -0500

For web servers I like nikto. It scans a web server looking for known
vulnerable software and default or bad configurations. It tends to
give a lot of false positives though, so it's important to manually
check each potential vulnerability.

For testing web applications, I like webscarab. It's an intercepting
proxy, among other things, making it easy to modify any input that you
give to web applications, which it's in the headers, GETs, POSTs, or
cookies.

On Fri, Dec 19, 2008 at 6:10 PM, Kevin P Biggs <kbiggs81 () gmail com> wrote:
What does everyone consider the best pen tool for testing web servers?
I have tried Nessus.
What tool(s) do you recommend?

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault