[WEB SECURITY] best tool for web app scanning / pen testing

Vernon Jones Vernon.Jones at derivco.com
Wed Mar 6 04:20:23 EST 2013


Hey Z


For commercial tools you can try one of the following:

HP Fortify WebInspect - http://www8.hp.com/us/en/software-solutions/software.html?compURI=1341991

Acunetix - www.acunetix.com


For open source you can try one of the following:

OWASP ZED Proxy with built-in scanner for OWASP Top 10 - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project


CAT Proxy - http://www.contextis.com/research/tools/cat/

Hope this helps dude

V


-----Original Message-----
From: websecurity [mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of Zippy Zeppoli
Sent: 06 March 2013 03:54 AM
To: websecurity at lists.webappsec.org
Subject: [WEB SECURITY] best tool for web app scanning / pen testing

Hello,
I am looking for a solution to do web application vulnerability scanning / testing.
IBM's Rational AppScan seems like a good solution, and I've used it in the past.
The only problem seems to be the IBM part. I'm trying to engage them for a trial license that doesn't only scan some useless WebGoat, and test it on my own app.

I'm getting kind of dismayed with the responsiveness, so I'm wondering if there are better *commercial* solutions out there which are ready to go out of the box.
I'd love to use open source tools, but I don't have the time to do the engineering part since I'm overburdened.

Thanks for your tips.

Z
