Open Source and information security mailing list archives
 
Message-ID: <BAY14-DAV2eOcyxuw7d00024519@hotmail.com>
From: dispacct at hotmail.com (Dean)
Subject: Recommendations for Web Application Scanners

Wow!

Thanks to everyone who took the time to reply. I got so many replies that I'm afraid I can't thank everyone personally, and I haven't had the time to go through and do a comparison of the software recommended, but as promised, please find a compiled list of what was recommended to me.


AppScan
Database Scanner by ISS
Scandoo 
@stake webproxy --> for manual tries
AppDetective
WebInspect: http://www.spidynamics.com/
burp proxy at portswigger.net
Spike by Dave Aitel.
http://www.xfocus.net/tools/200403/wpoison-dev.tgz
Web hack Control Centre - http://www.ussysadmin.com/modules.php?name=Downloads&d_op=getit&lid=64
wnikto32 (http://exploitlabs.com/files/woods/wnikto32-1.3c.zip)

More people suggested AppScan than any other.

A special thanks goes to Bill Pennington for taking the time to write me a relatively detailed explanation of the shortfalls of automated scanners, even before he had fully absorbed his coffee.

Again, thanks to everyone who took the time, and when I have decided on which best suits our needs, I will let you know.

Dean