[WEB SECURITY] Web Application Scanners Comparison

anantasec anantasec at googlemail.com
Thu Jan 29 14:18:40 EST 2009


Hello Ory,

Sure, I'm sorry for not including this information in the initial report.

I've used three machines:

1. Unix machine for testing PHP applications
Operating system: FreeBSD 6.4-RELEASE
Web Server: Apache/2.2.3 (FreeBSD) DAV/2 PHP/5.2.8 mod_ssl/2.2.3
OpenSSL/0.9.7e-p1

relevant .htaccess settings: (placed in the root directory. some
applications may rewrite these settings).
php_value magic_quotes_gpc Off
php_value register_globals On
php_value allow_url_fopen On
php_value allow_url_include On

2. Windows machine for testing Java applications
Operating system: Windows XP Service Pack 2
Web Server: Apache Tomcat 6.0.18
Java Virtual Machine: jre1.6.0_07

3. Windows machine used for testing ASP.NET applications
Operating system: Windows XP Service Pack 2
Web Server: Microsoft-IIS/5.1
ASP.NET versions:
1.1.4322
2.0.50727


On 1/29/09, Ory Segal <SEGALORY at il.ibm.com> wrote:
> Hello,
>
> Could you be kind enough and share with us the environment on which you
> have installed the web applications? operating system, version, service
> packs, web server type and version, etc.?
>
> Thank you,
> -Ory Segal
>

-- 
http://anantasec.blogspot.com

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list