[OWASP-Bangalore] Application security assessment tool?

Sekhar_Vedantam at emc.com Sekhar_Vedantam at emc.com
Fri Feb 27 01:15:31 EST 2009


WebInspect is another $ good one. If it is one time requirement, you may try an Eval 15 days copy.


Sekhar

-----Original Message-----
From: owasp-bangalore-bounces at lists.owasp.org [mailto:owasp-bangalore-bounces at lists.owasp.org] On Behalf Of Akash
Sent: Thursday, February 26, 2009 4:17 PM
To: owasp-bangalore at lists.owasp.org
Subject: Re: [OWASP-Bangalore] Application security assessment tool?

Google for web vulnerability scanners

I would start with http://sectools.org/web-scanners.html

I have personally used nikto a lot. You can customize it easily.
I also use twill, selenium proxy as well.

Have heard nice things about appscan and acunetix. But haven't used
them personally.

If they are curious about learning they can try out web scarab and web goat

HTH

regards
Akash


2009/2/26 Niranjan Patil <niranjan.patil at gmail.com>:
> Hi team,
>
> Need your help here.
> I work as an infosec manager and I have a strange request from a dev
> team for an application security assessment tool!
> I know it sounds little naive, but what they are looking for is
> something in the lines of Nessus but are ok if it’s not comprehensive
> one.
> They did understood when I explained about OWASP guidelines, OWASP top
> ten, SANS/MITRE top 25, webappsec.org, etc.. For them, a tool which
> can quickly scan and give out vulnerabilities/ exploits quickly is
> desired.
>
> --
> Regs,
> Niranjan
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>



-- 
regards
akash
_______________________________________________
OWASP-Bangalore mailing list
OWASP-Bangalore at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-bangalore


More information about the OWASP-Bangalore mailing list