Re: Tools comparison and evaluation question (AppScan)

From: Petr.Kazil@eap.nl
Date: Fri Feb 17 2006 - 13:05:34 EST


> the list of tools I've put together is
> Commercial Tools
> -----------------
> SPI Webinspect

We have a license for this and it's not cheap.
I'm not the guy who uses this tool, but my colleagues do.
From what I've seen over their shoulders:

- it's very powerful and relatively intelligent in interpreting the
results it gets from the website (more intelligent than nikto)
- it's produced surprising results several times that we wouldn't have
found by hand
- if you run it full throttle it can crash a weak server
- it produces a lot of output that you have to scrutinize by hand
- it needs a lot of time to tame, and a lot of time to get used to.

But overall we are satisfied. We just renewed the license for another
year.
I also have the feeling that SPI staff is very approachable.

Of course we are curious about your experiences ...



