Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: web application scanner question
From: "SD List" <list () security-database com>
Date: Thu, 28 Jan 2010 21:41:30 +0100 (CET)

Hi there,

See this document, you'll find many tools that can help you to achieve
your tasks.

http://www.security-database.com/toolswatch/Security-Database-Best-IT-Security.html

Kind Regards

N.OUCHN
Founder Security-Database


My Recommenations are

1. w3af     - It s absolutely Fun!! 4/5
2. IBM Rational AppScan - False positives, but powerful, thanx to orey
Segal
3/5
3. HP Web Inspect - Ok! Gives some rare vulns 2/5
4. N Stalker - Cool.. Luv it detailed compliance specific
classifications...
Etc... 4/5
4. Retina e Eye - Good.. 2/5

Have Fun..

thnx


On 1/28/10 11:55 AM, "Himanshu Goyal" <idhimanshu () gmail com> wrote:

Acunetix and appscan are good tools.

Regards,
Himanshu

On Mon, Jan 11, 2010 at 10:47 PM, Ryan Giobbi <ryan () tgbemail com> wrote:
Hello pen-test readers,

I'm looking for recommendations on an easy-to use web application
scanner. It doesn't need to be free. It can be an application or
server-based. I'd like to avoid appliances.

I need one that can do the below.
* handle form, cookie, HTTP, and NTLM authentication
* provides reporting and logging in a sane format
* easy to configure, launch and run.
* test HTML, HTTP headers, script and very basic SSL problems

I'm not worried about missing critical but hard-to-find
vulnerabilities or issues in various browser plugins. In terms of
accuracy, the tool should catch the most common issues (xss, plain
text credentials, injection, etc) quickly.

Thanks for the opinions!!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Vivek Ponnulliyil
Director Technology, Research & Development [Europe & Asia Pacific Region]

Bel Q UG (haftungsbeschraenkt)
Markt 1, 07958, Hohenleuben, Germany
Phone : +4915120522269, +493662283690


Mobile: Europe:+447550040766
Mobile: India: +919654414992, +919847309545

Official Email: vivek () belqinc com
Personal Email: iamherevivek () gmail com
VOIP/ Chat: Skype: iamherevivek


"The information in this e-mail and any attachments is confidential and
may
be legally privileged. It is intended solely for the addressee or
addressees. If you are not an intended recipient, please delete the
message
and any attachments and notify the sender of mis delivery. Any use or
disclosure of the contents of either is unauthorized and may be unlawful.
All liability for viruses is excluded to the fullest extent permitted by
law.²





------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------





------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]