lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <BAY14-DAV2eOcyxuw7d00024519@hotmail.com> From: dispacct at hotmail.com (Dean) Subject: Recommendations for Web Application Scanners Wow! Thanks to everyone who took the time to reply. I got so many replies I'm afraid I can't thank everyone personally and I haven't had the time to go through and do a comparison on the softwares recommended but as promised, please find a compiled list of what was recommended to me. AppScan Database Scanner by ISS Scandoo @stake webproxy --> for manual trys AppDetective WebInspect: http://www.spidynamics.com/ burp proxy at portswigger.net Spike by Dave Aitel. http://www.xfocus.net/tools/200403/wpoison-dev.tgz Web hack Control Centre -http://www.ussysadmin.com/modules.php?name=Downloads&d_op=getit&lid=64 wnikto32 (http://exploitlabs.com/files/woods/wnikto32-1.3c.zip) More people suggested Appscan than any other. A special thanks goes to Bill Pennington for taking the time to write me a relatively detailed explanation of the shortfalls of automated scanners, even before he had fully absorbed his coffee. Again thank to everyone who took the time and when I have decided on which best suits our needs, I will let you know. Dean -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040308/a0c9e838/attachment.html
Powered by blists - more mailing lists