[WEB SECURITY] which is the best web application vulnerability scanner

Andreas Schmidt webappsec at siberas.de
Wed May 4 02:39:15 EDT 2011


I would also recommend WATOBO (Web Application Toolbox).
WATOBO is focused on manual pentesting but also has some automated
scanning capabilities, e.g. SQL, XSS, ...
It acts as a local proxy, similar to Webscarab, Paros or BurpSuite.

The most important advantages are:
- Testing of CSRF protected webapps!
- It has Session Management capabilities! You can define login scripts
as well as logout signatures. So you don’t have to log in manually each
time you get logged out.
- Can perform vulnerability checks out of the box.
- It supports Inline De-/Encoding, so you don’t have to copy strings to
a transcoder and back again. Just do it inside the request/response
window with a simple mouse click.
- It has smart filter functions, so you can find and navigate to the
most interesting parts of the application easily.
- It's written in (FX)Ruby and enables you to define your own checks
- WATOBO is free software (licensed under the GNU General Public
License Version 2)

You can find more information at the project page

There's also a very good manual including tutorials here:
http://www.aldeid.com/index.php/Watobo - Thanks to Sebastien!



On 03.05.2011 04:22, 孙松柏 wrote:
> Which is the best web application vulnerability scanner among the free
> software like
> Arachni
> JBrofuzz
> Webshag
> Websecurify
> Zero Day Scan
> Nikto
> Wapiti
> W3AF
> Skipfish
> Grendel-Scan
> Grabber
> Arachni
> wikto
> maybe sth more, and support server client mode.
> FIT1-213
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> http://about.me/anakin/bio
