Penetration Testing mailing list archives

Re: web application scanner question
From: "Adrian Puente Z." <puenteadrian () gmail com>
Date: Mon, 11 Jan 2010 14:22:13 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I recommend Acunetix. We have been using those apps for a long time now
and it does everything you said you need. It can be kind of aggressive
though.

http://www.acunetix.com/

I also recommend NStalker. It's kinda new but it helps to compare the
results with the Acunetix.

http://www.nstalker.com/

Greets,


Ryan Giobbi wrote:
Hello pen-test readers,

I'm looking for recommendations on an easy-to-use web application
scanner. It doesn't need to be free. It can be an application or
server-based. I'd like to avoid appliances.

I need one that can do the below.
* handle form, cookie, HTTP, and NTLM authentication
* provides reporting and logging in a sane format
* easy to configure, launch and run.
* test HTML, HTTP headers, script and very basic SSL problems

I'm not worried about missing critical but hard-to-find
vulnerabilities or issues in various browser plugins. In terms of
accuracy, the tool should catch the most common issues (XSS, plain
text credentials, injection, etc) quickly.

Thanks for the opinions!!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


- --
Adrián Puente Z.
[www.hackarandas.com]
Where ideas scatter into bytes...

"... I beg my pride to always be accompanied by my prudence,
and if some day my prudence should fly away, may it at least
fly together with my folly"
        --Nietzsche

Fingerprint: FBD6 4C36 2557 C64C 1318  70A8 F561 CB6F 4E40 5AFB
http://www.hackarandas.com/apuente_at_hackarandas.com.asc.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktLiHUACgkQW2tF/eN2yfYpQACdFnKylFGho2s5qmX05KHRrCXk
DlwAoICKg4MkY13cOJjDjgNKM1u1EGEQ
=8A8s
-----END PGP SIGNATURE-----
