[WEB SECURITY] which is the best web application vulnerability scanner
webappsec at siberas.de
Wed May 4 02:39:15 EDT 2011
I would also recommend WATOBO (Web Application Toolbox).
WATOBO is focused on manual pentesting but also has some automated
scanning capabilities, e.g. SQL, XSS, ...
It acts as a local proxy, similar to Webscarab, Paros or BurpSuite.
The most important advantages are:
- Testing of CSRF-protected webapps!
- It has Session Management capabilities! You can define login scripts
as well as logout signatures. So you don’t have to log in manually each
time you get logged out.
- Can perform vulnerability checks out of the box.
- It supports Inline De-/Encoding, so you don’t have to copy strings to
a transcoder and back again. Just do it inside the request/response
window with a simple mouse click.
- It has smart filter functions, so you can find and navigate to the
most interesting parts of the application easily.
- It's written in (FX)Ruby and enables you to define your own checks.
- WATOBO is free software (licensed under the GNU General Public
License Version 2).
You can find more information at the project page
There's also a very good manual including tutorials here:
http://www.aldeid.com/index.php/Watobo - Thanks to Sebastien!
On 03.05.2011 04:22, 孙松柏 wrote:
> Which is the best web application vulnerability scanner among the free
> software like
> Zero Day Scan
> may be sth more and support server client mode.
> Department of Computer Science
> Tsinghua University, Beijing, 100084