From: Erin Carroll (amoeba@amoebazone.com)
Date: Thu Oct 12 2006 - 17:48:38 EDT
Tareq,
There are many web-app scanners out there, both commercial and OSS. You
probably want to pose this question on the webappsec@securityfocus mailing
list but I let this post through to the list because list members are
always proposing new tools or utilities that I can grab to play with.
Some of the more useful ones to me in pen-testing are Nikto, Suru,
Wikto[1], or burpsuite on the OSS front and WebInspect or AppScan on the
commercial tool end.
Depending on the codebase and specifics of the webapp you are testing
there are a plethora of situation-specific tools out there; from .asp to
SQL, to java etc.
[1] Yes, I know these 3 are pretty much similar and that Suru has
superseded nikto but each of them has specific usage cases or things they
do just a slight bit better than the others.
--
Erin Carroll
Moderator - SecurityFocus pen-test list

On Thu, 12 Oct 2006, Tareq AlKhatib wrote:
> Hey all,
>
> I have been asked to look for a good web vulnerability scanner. I
> already have Nikto and Nessus (free version) in my toolkit. Can anyone
> recommend a good web scanner?
>
> Yours truly,
>
> Tareq M. AlKhatib
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:11 EDT