[WEB SECURITY] open source tools is not as good as imaged

Andres Riancho andres.riancho at gmail.com
Sat Jun 4 22:13:30 EDT 2011


On Sat, Jun 4, 2011 at 12:18 AM, 孙松柏 <lukesun629 at gmail.com> wrote:
> Hello everyone,
> I recently did some pentests. I used several tools, both open source and
> commercial tools!
> For the commercial ones, I used appscan & acunetix;
> for the open source ones, skipfish & arachni & w3af;
> for the free one, netsparker community edition.
> Obviously, the open source tools are not stable (w3af),

    Have you tested the latest version? We've REALLY improved the
stability of the project in our latest release. If it still crashes in
some way for you, let's work together to make it work as expected.

> and the three of
> them cannot scan some fatal vulnerabilities (such as SQL injection) that appscan
> can easily discover.

    This is not uncommon, but you can find the reverse case also.

> netsparker is good in both speed and results, but its community edition has
> a lot of restrictions.
> So anyone has a project to help the open source tools upgrade.
> --
> FIT1-213
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> http://about.me/anakin/bio

Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
