[WEB SECURITY] open source tools is not as good as imaged
psiinon
psiinon at gmail.com
Sun Jun 5 11:31:24 EDT 2011
Have you tried the OWASP Zed Attack Proxy -
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project?
It is open source and completely free (there is no paid for 'pro' version).
Its also intended to be a community project - so we encourage involvement.
If you submit good quality code then you'll get commit access :)
Psiinon - OWASP ZAP Project Lead.
On Sat, Jun 4, 2011 at 4:18 AM, 孙松柏 <lukesun629 at gmail.com> wrote:
> hello everyone
>
> i recently do some pentest. i used several tools both open source and
> commerical tools !
>
> for the commerical ones ,i use appscan & acunetix
>
> for the open source ones skipfish &arachni &w3af
>
> for the free one netsparker community edition
>
> obviously , the open source tools is not stable(w3af), and the three of
> them can not scan some fatal vulnerable(such as sql injection) as appscan
> can easily discovery.
>
> netsparker is good in both speed and result . but it's community edition
> has a lot restriction.
>
> so anyone has a project to help the opensource tools upgrade.
>
> --
> FIT1-213
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> http://about.me/anakin/bio
>
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110605/0ee1b8e8/attachment.html>
More information about the websecurity
mailing list