WebApp Sec: RE: FW: Tools comparison and evaluation question (AppScan)

From: Joe White <joe_at_navio.com>
Date: Fri, 17 Feb 2006 15:35:52 -0800

Serg,

Here is a one stop shop for all of your layer 1-4 pen test needs.
Layers 5-7 are still somewhat of a topic of contention :-)

http://www.remote-exploit.org/index.php/BackTrack

BackTrack is a bootable Linux CD solution that describes itself as the
next iteration of the Auditor bundle. Just grab the ISO image and burn
to a CD locally.

I ultimately installed this distribution to the hard drive on a
dedicated system and have been very impressed with the bundle as a
whole. Also, if you poke around the site a bit, there are some decent
docs on ramping up on the bundled tools if you are not that familiar
with them already.

Disclaimer: I am in no way related/connected to the BackTrack or
Auditor distributions. However, I have used them both and share this
information here from the perspective of a satisfied user and not
necessarily a promoter or advocate of the tools mentioned.

Hope this helps,

Joe

-----Original Message-----
From: Serg B. [mailto:serg.belokamen_at_gmail.com]
Sent: Friday, February 17, 2006 7:45 AM
To: webappsec_at_securityfocus.com
Subject: Re: FW: Tools comparison and evaluation question (AppScan)

Just to direct the topic a little bit:
Can anyone also recommend some good general pen-testing tools? So
something that is not specific to web application testing. Doesn't have
to be open source. Something along the lines of Nessus.

   Thanks,
      Serg

> Hi All,
>
> I am currently looking at using/evaluating a tool called AppScan (by
> watchfire.com).
>
> So the question is in two parts and ASAP reply would be greatly
> appreciated.
>
> First:
> Without starting a flame war (hopefully) or marketing campaign (another
> hopefully) can anyone tell me about their experience with the software,
> what you find useful about it, what not, any annoyances, missing
> functionality, etc.
>
> Second:
> Can anyone recommend any similar type of software, preferably open
> source (although not at all essential), and describe its performance,
> usability and "usefulness" so to speak using AppScan as a reference
> point.
>
> Thanks,
> Serg
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: SpiDynamics
>
> ALERT: "How A Hacker Launches A Web Application Attack!"
> Step-by-Step - SPI Dynamics White Paper
> Learn how to defend against Web Application Attacks with real-world
> examples of recent hacking methods such as: SQL Injection, Cross Site
> Scripting and Parameter Manipulation
>
> https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
> ------------------------------------------------------------------------
Received on Feb 17 2006