[WEB SECURITY] which is the best web application vulnerability scanner

Josh More guppie at starmind.org
Tue May 3 12:40:02 EDT 2011


They all catch different things.

I use the paid version of BurpSuite primarily.  Then I use skipfish and
arachni.

Netsparker is good, bur pricey.

W3AF is good when it works, but I've had some very annoying crashes with
it... and a crash after running for eight hours is very irritating.

-Josh More

On Mon, May 2, 2011 at 9:22 PM, 孙松柏 <lukesun629 at gmail.com> wrote:

> which is the best web application vulnerability scanner .among the free
> software like
> Arachni
> JBrofuzz
> Webshag
> Websecurify
> Zero Day Scan
> Nikto
> Wapiti
> W3AF
> Skipfish
> Grendel-Scan
> Grabber
> Arachni
> wikto
> may be sth more and  support server client mode.
>
> FIT1-213
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> http://about.me/anakin/bio
>
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110503/bdd22969/attachment-0003.html>


More information about the websecurity mailing list