RE: [Full-Disclosure] Recommendations for Web Application Scanners
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] Recommendations for Web Application Scanners
- From: "Dean" <dispacct@xxxxxxxxxxx>
- Date: Mon, 8 Mar 2004 10:04:47 -0000
Wow!
Thanks to everyone who took the time to reply. I got so many replies I'm afraid
I can't thank everyone personally and I haven't had the time to go through and
do a comparison on the software recommended, but as promised, please find a
compiled list of what was recommended to me.
AppScan
Database Scanner by ISS
Scandoo
@stake webproxy --> for manual tries
AppDetective
WebInspect: http://www.spidynamics.com/
burp proxy at portswigger.net
Spike by Dave Aitel.
http://www.xfocus.net/tools/200403/wpoison-dev.tgz
Web hack Control Centre - http://www.ussysadmin.com/modules.php?name=Downloads&d_op=getit&lid=64
wnikto32 (http://exploitlabs.com/files/woods/wnikto32-1.3c.zip)
More people suggested Appscan than any other.
A special thanks goes to Bill Pennington for taking the time to write me a
relatively detailed explanation of the shortfalls of automated scanners, even
before he had fully absorbed his coffee.
Again, thanks to everyone who took the time, and when I have decided on which best
suits our needs, I will let you know.
Dean