
Automagic webapp testing tools

Subject: Automagic webapp testing tools
Date: 9 Mar 2005 08:02:29 -0000


Hi Folks,
I currently use SPI WebInspect as part of a process for vulnerability 
assessments/pen tests on different web applications. The license is up for 
renewal soon and before re-purchasing, I'm wondering if anyone on the list has 
any real world thoughts/experiences on how it stacks up against some of the 
alternatives like 

 - Watchfire Appscan
 - Kavado ScanDo
 - Any others I've missed

Any list members' thoughts (on or off the list) or pointers to good product 
comparisons for these would be much appreciated.  I'm more of a believer in 
manual testing myself (yay Netcat and WebScarab!), but I also see the value in 
these sorts of tools.

Ta,
IF

P.S. Also as a totally random aside - I've recently been reading a couple of 
different security vendors' pen test reports for similar profile web sites and 
I'm amazed by the analysis disparity on the same simple issues (like track and 
trace verbs being enabled - ranging from "Extreme Risk - The sky is falling - 
you will be owned now" to "Low risk - disable these verbs and move along").  
Just saying.
