[WEB SECURITY] open source tools is not as good as imaged

psiinon psiinon at gmail.com
Sun Jun 5 11:31:24 EDT 2011


Have you tried the OWASP Zed Attack Proxy -
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project?
It is open source and completely free (there is no paid for 'pro' version).
Its also intended to be a community project - so we encourage involvement.
If you submit good quality code then you'll get commit access :)

Psiinon - OWASP ZAP Project Lead.

On Sat, Jun 4, 2011 at 4:18 AM, 孙松柏 <lukesun629 at gmail.com> wrote:

> hello everyone
>
> i recently do some pentest. i used several tools both open source and
> commerical  tools !
>
> for the commerical ones ,i use appscan & acunetix
>
> for the open source ones skipfish &arachni &w3af
>
> for the free one  netsparker community edition
>
> obviously , the open source tools is not stable(w3af), and the  three of
> them can not scan some fatal vulnerable(such as sql injection) as appscan
> can easily discovery.
>
> netsparker is good in both speed and result . but it's community edition
> has a lot restriction.
>
> so anyone has a project to help the opensource tools upgrade.
>
> --
> FIT1-213
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> http://about.me/anakin/bio
>
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110605/0ee1b8e8/attachment-0003.html>


More information about the websecurity mailing list