Penetration Testing: Re: Vuln Scanner for Web App Source Code

Re: Vuln Scanner for Web App Source Code

From: <bugtraq_at_cgisecurity.net>
Date: Wed, 21 May 2008 13:50:59 -0400 (EDT)

> Cenzic Hailstorm and SPI Dynamics Web Inspect are vulnerability
> scanners ONLY and do NOT inspect source code. Same with Paros Proxy,
> this is a pen testing / VA tool more than anything.

SPI (now HP) does have a product called Devinspect that plugs into a development IDE (Visual Studio and Eclipse) and performs some hybrid blackbox/whitebox scanning.

Regards,
- Robert
http://www.cgisecurity.com/
http://www.webappsec.org/
http://www.techlists.org/

>
> I'd still recommend you do manual checks in addition to using a source
> code scanner. You'll have to verify the results.
>
> -J
>
> On 18 May 2008 04:15:50 -0000, cnanne_at_gmail.com <cnanne_at_gmail.com> wrote:
> > This might be a bit of a dumb question, but does anyone know of a good Vulnerability Scanner for finding faults in the actual Source Code of the Web App? Or can this task only be done by hand?
> >
> >
> > Any feedback on this is highly appreciated
> >
> >
> >
> > cheers,
> >
> >
> > PhoenixRbrth
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Top 5 Common Mistakes
> > in Securing Web Applications
> > Find out now! Get Webinar Recording and PPT Slides
> >
> > www.cenzic.com/landing/securityfocus/hackinar
> > ------------------------------------------------------------------------
> >
> >
>

Received on May 22 2008
