[WEB SECURITY] which is the best web application vulnerability scanner

Tasos Laskos tasos.laskos at gmail.com
Thu May 5 18:45:47 EDT 2011


I think that we've confused instead of helping you.
Long story short, from that list and using those requirements Arachni is 
the one you want.

Very fast[1], easy to use[2], covers the OWASP Top 10[3] and can 
generate HTML, XML, TXT reports[4].

[1] Asynchronous requests yield great performance.
[2] arachni http://www.mysite.com --report=html
[3] And many more.
[4] At the end of each scan the results will also be saved in an Arachni 
Framework Report file (.afr)
     so that you can generate more reports without having to rescan.

On 05/04/2011 04:15 PM, 孙松柏 wrote:
> I want to find a good scanner that can find OWASP top ten 
> vulnerability and may be more. also I want it has a good report system.
>
> On Wed, May 4, 2011 at 3:46 AM, Tasos Laskos <tasos.laskos at gmail.com 
> <mailto:tasos.laskos at gmail.com>> wrote:
>
>     It didn't occur to me before but I think you're asking the wrong
>     question.
>     You're working backwards...you first need to figure out *what* you
>     want to do and then find a scanner that does those things *well*.
>
>     So...what are you looking for?
>
>
>     On 05/03/2011 03:22 AM, 孙松柏 wrote:
>
>         which is the best web application vulnerability scanner .among
>         the free software like
>         Arachni
>         JBrofuzz
>         Webshag
>         Websecurify
>         Zero Day Scan
>         Nikto
>         Wapiti
>         W3AF
>         Skipfish
>         Grendel-Scan
>         Grabber
>         Arachni
>         wikto
>         may be sth more and  support server client mode.
>
>         FIT1-213
>         Department of Computer Science
>         Tsinghua University, Beijing, 100084
>         http://about.me/anakin/bio
>
>
>         _______________________________________________
>         The Web Security Mailing List
>
>         WebSecurity RSS Feed
>         http://www.webappsec.org/rss/websecurity.rss
>
>         Join WASC on LinkedIn
>         http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
>         WASC on Twitter
>         http://twitter.com/wascupdates
>
>         websecurity at lists.webappsec.org
>         <mailto:websecurity at lists.webappsec.org>
>         http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>
>
>
>
>
>
> -- 
> FIT1-213
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> http://about.me/anakin/bio





More information about the websecurity mailing list