Penetration Testing: Re: Pen testing web servers

["Adriel T. Desautels" <ad_lists () netragard com>]

Well, in my experience NTO is far more accurate (less false positives  
and negatives). Its also not a pain in the ass to purchase. In the end  
though an automated scanner is just a basic tool to help the tester.  
If the tester is a bonehead, then the report will be useless. :)

On Dec 20, 2008, at 1:04 AM, Erin Carroll wrote:

> On the commercial side, what does NTOspider offer or do better than an
> Appscan or WebInspect? I haven't had any hands-on time with  
> NTOspider so am
> curious.
>
> --
> Erin Carroll
> Moderator, SecurityFocus pen-test mailing list
> "I cannot brain today, I have the dumb"
>
>
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On Behalf Of Adriel T.  
> > Desautels
> > Sent: Friday, December 19, 2008 7:08 PM
> > To: Kevin P Biggs
> > Cc: pen-test () securityfocus com
> > Subject: Re: Pen testing web servers
> >
> > So you probably want a free one tool.
> >
> > if I were you I'd check out burp suite. It can help you assess the
> > security of your application at a very deep level if you know what  
> > you
> > are doing. If you want to pay for something like a scanner, well I
> > can't really recommend one. I have yet to find one that I'm at all
> > impressed by aside from *maybe* NTOspider... but I'm still on the
> > fence there...
> >
> > On Dec 19, 2008, at 9:35 PM, Kevin P Biggs wrote:
> >
> > > Its for pentesting my own web server that I will be running
> > > wordpress, some forum software, and other things on ...
> > > Adriel T. Desautels wrote:
> > > > Kevin,
> > > >   Are you looking to pentest your own web application or someone
> > > > else's? Its an important question because the answer will determine
> > > > the tool.
> > > >
> > > >
> > > > On Dec 19, 2008, at 6:10 PM, Kevin P Biggs wrote:
> > > >
> > > > > What does everyone consider the best pen tool for testing web
> > > > > servers?
> > > > > I have tried Nessus.
> > > > > What tool(s) do you recommend?
> > > > >
> > > > > -------------------------------------------------------------------
> > -----
> > > > > This list is sponsored by: Cenzic
> > > > >
> > > > > Security Trends Report from Cenzic
> > > > > Stay Ahead of the Hacker Curve!
> > > > > Get the latest Q2 2008 Trends Report now
> > > > >
> > > > > www.cenzic.com/landing/trends-report
> > > > > -------------------------------------------------------------------
> > -----
> > > > >
> > > > Adriel T. Desautels
> > > > ad_lists () netragard com
> > Adriel T. Desautels
> > ad_lists () netragard com
> >
> >
> >
> >
> > -----------------------------------------------------------------------
> > -
> > This list is sponsored by: Cenzic
> >
> > Security Trends Report from Cenzic
> > Stay Ahead of the Hacker Curve!
> > Get the latest Q2 2008 Trends Report now
> >
> > www.cenzic.com/landing/trends-report
> > -----------------------------------------------------------------------
> > -
Adriel T. Desautels
ad_lists () netragard com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------