[OWASP-Bangalore] Application security assessment tool?

Akash akashmahajan at gmail.com
Thu Feb 26 05:47:13 EST 2009


Google for web vulnerability scanners

I would start with http://sectools.org/web-scanners.html

I have personally used nikto a lot. You can customize it easily.
I also use twill, selenium proxy as well.

Have heard nice things about appscan and acunetix. But haven't used
them personally.

If they are curious about learning they can try out web scarab and web goat

HTH

regards
Akash


2009/2/26 Niranjan Patil <niranjan.patil at gmail.com>:
> Hi team,
>
> Need your help here.
> I work as an infosec manager and I have a strange request from a dev
> team for an application security assessment tool!
> I know it sounds little naive, but what they are looking for is
> something in the lines of Nessus but are ok if it’s not comprehensive
> one.
> They did understood when I explained about OWASP guidelines, OWASP top
> ten, SANS/MITRE top 25, webappsec.org, etc.. For them, a tool which
> can quickly scan and give out vulnerabilities/ exploits quickly is
> desired.
>
> --
> Regs,
> Niranjan
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>



-- 
regards
akash


More information about the OWASP-Bangalore mailing list