[WEB SECURITY] open source web app scanners
tom.bifkin0 at gmail.com
Thu Jul 5 21:42:27 EDT 2012
Not quite on par with AppScan or other current commercial products, but one
that's showing a lot of promise(Especially for the enterprise level) is
Arachni (https://github.com/Arachni/arachni). Some interesting features:
distributed deployment, commandline and web interfaces, a self-learning
subsystem, and the ability to add custom audit/crawler/report modules
through Ruby. The distributed deployment system is interesting because
your able to distribute the load of a scan across a set of servers to help
increase scan performance. You can also perform separate scans on separate
servers and the results will all be uploaded to a single server for
viewing. It still in its infancy and needs some love, but I believe it's
on it's way to becoming something great.
On Wed, Jun 27, 2012 at 6:40 PM, Zippy Zeppoli <zippyzeppoli at gmail.com>wrote:
> Hi List,
> I was wondering if anyone has come across a web application security
> scanner which is open source that is on par with IBM Rational AppScan.
> I've come across some tools in the OWASP project but they don't even seem
> to come close to a too like AppScan.
> Thanks in advance,
> The Web Security Mailing List
> WebSecurity RSS Feed
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> websecurity at lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity