[WEB SECURITY] best tool for web app scanning / pen testing

David Mirza Ahmad dma at subgraph.com
Wed Mar 6 16:44:45 EST 2013

Hey all,

I guess I'll shill Vega here too, as it might be a compromise between
the typical open source and commercial offerings - our objective is
commercial quality open source. We've made some significant improvements
since the beta - in fact, we're about to launch 1.0, just putting
finishing touches on some stuff.

You can grab a current build here (note hard Java 7 dependency, will not
start without it):


Some of the new features covered recently on our blog:



On 03/06/2013 04:26 PM, Prasad Shenoy wrote:
> I love Skipfish too but Zippy said no "engineering". The word "Cygwin" might scare him away or so I thought.....(I am only joking Zippy!)
> PS
> On Mar 6, 2013, at 4:09 PM, firebits <mrpa.security at gmail.com> wrote:
>> FYI
>> http://code.google.com/p/skipfish/

David Mirza Ahmad <dma at subgraph.com> | @attractr
Subgraph | @subgraph
Vega, the Open Source Web Security Platform
78A1 CCFD 1C60 4BA7 5E1C C1F2 42D7 08C0 2520 8C7B

More information about the websecurity mailing list