[WEB SECURITY] open source tools is not as good as imaged

孙松柏 lukesun629 at gmail.com
Fri Jun 3 23:18:04 EDT 2011

hello everyone

i recently do some pentest. i used several tools both open source and
commerical  tools !

for the commerical ones ,i use appscan & acunetix

for the open source ones skipfish &arachni &w3af

for the free one  netsparker community edition

obviously , the open source tools is not stable(w3af), and the  three of
them can not scan some fatal vulnerable(such as sql injection) as appscan
can easily discovery.

netsparker is good in both speed and result . but it's community edition has
a lot restriction.

so anyone has a project to help the opensource tools upgrade.

Department of Computer Science
Tsinghua University, Beijing, 100084
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110604/f7901272/attachment-0003.html>

More information about the websecurity mailing list