Penetration Testing
mailing list archives
Re: Vuln Scanner for Web App Source Code
From: bugtraq () cgisecurity net
Date: Wed, 21 May 2008 13:50:59 -0400 (EDT)
Cenzic Hailstorm and SPI Dynamics Web Inspect are vulnerability
scanners ONLY and do NOT inspect source code. Same with Paros Proxy,
this is a pen testing / VA tool more than anything.
SPI (now HP) does have a product called Devinspect that plugs into a development IDE (visual studio and eclipse) and
performs some hybrid blackbox/whitebox scanning.
Regards,
- Robert
http://www.cgisecurity.com/
http://www.webappsec.org/
http://www.techlists.org/
I'd still recommend you do manual checks in addition to using a source
code scanner. You'll have to verify the results.
-J
On 18 May 2008 04:15:50 -0000, cnanne () gmail com <cnanne () gmail com> wrote:
This might be a bit of a dumb question, but does anyone know of a good Vulnerability Scanner for finding faults in
the actual Source Code of the Web App? Or can this task only be done by hand?
Any feedback on this is highly appreciated
cheers,
PhoenixRbrth
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------