[WEB SECURITY] which is the best web application vulnerability scanner

Andre Gironda andreg at gmail.com
Wed May 4 17:58:30 EDT 2011


On Wed, May 4, 2011 at 2:44 PM, Ryan Dewhurst <ryandewhurst at gmail.com> wrote:
> My original 'run multiple scanners' comment meant running Nikto alongside
> DirBuster, for example. Not Netsparker and Acunetix. But even though I still
> don't see that much of a problem.
>
> To be honest, I need to do some research in order to verify my assumptions,
> but my initial thoughts are that there should be no problems.

An alternative to running multiple tools in parallel (even from
different hosts) is to run them in serial, overnight, in Windows
Scheduled Tasks or Linux crontab (or similar subsystem). That way, you
can wake up to results.

My favorite way to implement this is with the W3AF emailReport plugin
-- http://blog.oxdef.info/2011/03/scheduled-scans-with-w3af.html

Burp Suite Professional and many other commercial tools also have
scheduled task functionality built-in.
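
Added example, not part of the original message: a minimal cron-driven wrapper for the serial overnight run described above. The job-file format, the `run_serial` name and every path shown are assumptions of this example; each job line would hold whatever scanner command you already use.

```shell
#!/bin/sh
# Added example: run scan jobs one after another from cron.
# Job file format (assumption of this example): one shell command per line;
# blank lines and lines starting with '#' are skipped.

# run_serial JOBFILE OUTDIR
# Runs every job in order, never two at once, and writes OUTDIR/summary.txt
# with one "exit=<code> <command>" line per job.
# Returns the number of failed jobs, 124 if a previous run holds the lock,
# or 125 if OUTDIR cannot be created.
run_serial() {
    jobfile=$1
    outdir=$2
    lockdir="$outdir/.lock"
    mkdir -p "$outdir" || return 125
    # mkdir is atomic: if last night's run is still going, skip this one
    # instead of stacking a second set of scanners on the same target.
    # A run that is killed leaves the lock behind; remove it by hand.
    if ! mkdir "$lockdir" 2>/dev/null; then
        echo "previous run still active, skipping" >&2
        return 124
    fi
    : > "$outdir/summary.txt"
    failed=0
    n=0
    while IFS= read -r job || [ -n "$job" ]; do
        case $job in ''|'#'*) continue ;; esac
        n=$((n + 1))
        rc=0
        # stdin from /dev/null so a job cannot consume the rest of the job file
        sh -c "$job" > "$outdir/job$n.log" 2>&1 < /dev/null || rc=$?
        [ "$rc" -eq 0 ] || failed=$((failed + 1))
        printf 'exit=%s %s\n' "$rc" "$job" >> "$outdir/summary.txt"
    done < "$jobfile"
    rmdir "$lockdir"
    return "$failed"
}

# Constructed crontab entry (paths are placeholders), starting at 01:00:
#   0 1 * * * /opt/scans/nightly.sh /opt/scans/jobs.txt /var/tmp/scan-out
if [ "$#" -eq 2 ]; then
    run_serial "$1" "$2"
fi
```

The per-job logs and `summary.txt` in the output directory are what you read in the morning; a nonzero exit from the script means at least one job failed or the run was skipped.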



