[WEB SECURITY] open source web app scanners

Tom tom.bifkin0 at gmail.com
Thu Jul 5 21:42:27 EDT 2012


Not quite on par with AppScan or other current commercial products, but one
that's showing a lot of promise (especially for the enterprise level) is
Arachni (https://github.com/Arachni/arachni).  Some interesting features:
distributed deployment, command-line and web interfaces, a self-learning
subsystem, and the ability to add custom audit/crawler/report modules
through Ruby.  The distributed deployment system is interesting because
you're able to distribute the load of a scan across a set of servers to help
increase scan performance.  You can also perform separate scans on separate
servers and the results will all be uploaded to a single server for
viewing.  It's still in its infancy and needs some love, but I believe it's
on its way to becoming something great.

-Tom

On Wed, Jun 27, 2012 at 6:40 PM, Zippy Zeppoli <zippyzeppoli at gmail.com> wrote:

> Hi List,
> I was wondering if anyone has come across a web application security
> scanner which is open source that is on par with IBM Rational AppScan.
>
> I've come across some tools in the OWASP project but they don't even seem
> to come close to a tool like AppScan.
>
> Thanks in advance,
> Z