Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Pen testing web servers
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Sat, 20 Dec 2008 21:54:48 -0500

Well, in my experience NTO is far more accurate (less false positives and negatives). Its also not a pain in the ass to purchase. In the end though an automated scanner is just a basic tool to help the tester. If the tester is a bonehead, then the report will be useless. :)


On Dec 20, 2008, at 1:04 AM, Erin Carroll wrote:

On the commercial side, what does NTOspider offer or do better than an
Appscan or WebInspect? I haven't had any hands-on time with NTOspider so am
curious.

--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"I cannot brain today, I have the dumb"


-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Adriel T. Desautels
Sent: Friday, December 19, 2008 7:08 PM
To: Kevin P Biggs
Cc: pen-test () securityfocus com
Subject: Re: Pen testing web servers

So you probably want a free one tool.

if I were you I'd check out burp suite. It can help you assess the
security of your application at a very deep level if you know what you
are doing. If you want to pay for something like a scanner, well I
can't really recommend one. I have yet to find one that I'm at all
impressed by aside from *maybe* NTOspider... but I'm still on the
fence there...

On Dec 19, 2008, at 9:35 PM, Kevin P Biggs wrote:

Its for pentesting my own web server that I will be running
wordpress, some forum software, and other things on ...
Adriel T. Desautels wrote:
Kevin,
  Are you looking to pentest your own web application or someone
else's? Its an important question because the answer will determine
the tool.


On Dec 19, 2008, at 6:10 PM, Kevin P Biggs wrote:

What does everyone consider the best pen tool for testing web
servers?
I have tried Nessus.
What tool(s) do you recommend?

-------------------------------------------------------------------
-----
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
-------------------------------------------------------------------
-----


Adriel T. Desautels
ad_lists () netragard com






Adriel T. Desautels
ad_lists () netragard com




-----------------------------------------------------------------------
-
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
-----------------------------------------------------------------------
-


Adriel T. Desautels
ad_lists () netragard com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]