[WEB SECURITY] open source tools is not as good as imaged
psiinon at gmail.com
Sun Jun 5 11:31:24 EDT 2011
Have you tried the OWASP Zed Attack Proxy -
It is open source and completely free (there is no paid for 'pro' version).
Its also intended to be a community project - so we encourage involvement.
If you submit good quality code then you'll get commit access :)
Psiinon - OWASP ZAP Project Lead.
On Sat, Jun 4, 2011 at 4:18 AM, 孙松柏 <lukesun629 at gmail.com> wrote:
> hello everyone
> i recently do some pentest. i used several tools both open source and
> commerical tools !
> for the commerical ones ,i use appscan & acunetix
> for the open source ones skipfish &arachni &w3af
> for the free one netsparker community edition
> obviously , the open source tools is not stable(w3af), and the three of
> them can not scan some fatal vulnerable(such as sql injection) as appscan
> can easily discovery.
> netsparker is good in both speed and result . but it's community edition
> has a lot restriction.
> so anyone has a project to help the opensource tools upgrade.
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> The Web Security Mailing List
> WebSecurity RSS Feed
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> websecurity at lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity