[OWASP-Bangalore] OWASP-Bangalore Digest, Vol 15, Issue 13

praveen_recker . praveen_recker at sify.com
Fri Feb 27 02:57:43 EST 2009


Hi Niranjan,

If u want opensource u can use Metasploit other than Nessus.
You can also use commercial tools like Canvas, CoreImpact etc. for scanning
and finding vulnerabilities.

Best Regards,
Praveen Darshanam

On Thu, Feb 26, 2009 at 10:30 PM,
<owasp-bangalore-request at lists.owasp.org>wrote:

> Send OWASP-Bangalore mailing list submissions to
>        owasp-bangalore at lists.owasp.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.owasp.org/mailman/listinfo/owasp-bangalore
> or, via email, send a message with subject or body 'help' to
>        owasp-bangalore-request at lists.owasp.org
>
> You can reach the person managing the list at
>        owasp-bangalore-owner at lists.owasp.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OWASP-Bangalore digest..."
>
>
> Today's Topics:
>
>   1. Application security assessment tool? (Niranjan Patil)
>   2. Re: Application security assessment tool? (Akash)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 26 Feb 2009 10:18:27 +0530
> From: Niranjan Patil <niranjan.patil at gmail.com>
> Subject: [OWASP-Bangalore] Application security assessment tool?
> To: owasp-bangalore at lists.owasp.org
> Message-ID:
>        <6b0ba69c0902252048i6e5ad9e4udfeaeeb5a0183e96 at mail.gmail.com>
> Content-Type: text/plain; charset=windows-1252
>
> Hi team,
>
> Need your help here.
> I work as an infosec manager and I have a strange request from a dev
> team for an application security assessment tool!
> I know it sounds little naive, but what they are looking for is
> something in the lines of Nessus but are ok if it?s not comprehensive
> one.
> They did understood when I explained about OWASP guidelines, OWASP top
> ten, SANS/MITRE top 25, webappsec.org, etc.. For them, a tool which
> can quickly scan and give out vulnerabilities/ exploits quickly is
> desired.
>
> --
> Regs,
> Niranjan
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 26 Feb 2009 16:17:13 +0530
> From: Akash <akashmahajan at gmail.com>
> Subject: Re: [OWASP-Bangalore] Application security assessment tool?
> To: owasp-bangalore at lists.owasp.org
> Message-ID:
>        <868b524f0902260247u5b8ae60dy8620823a0f1b6ad2 at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Google for web vulnerability scanners
>
> I would start with http://sectools.org/web-scanners.html
>
> I have personally used nikto a lot. You can customize it easily.
> I also use twill, selenium proxy as well.
>
> Have heard nice things about appscan and acunetix. But haven't used
> them personally.
>
> If they are curious about learning they can try out web scarab and web goat
>
> HTH
>
> regards
> Akash
>
>
> 2009/2/26 Niranjan Patil <niranjan.patil at gmail.com>:
> > Hi team,
> >
> > Need your help here.
> > I work as an infosec manager and I have a strange request from a dev
> > team for an application security assessment tool!
> > I know it sounds little naive, but what they are looking for is
> > something in the lines of Nessus but are ok if it?s not comprehensive
> > one.
> > They did understood when I explained about OWASP guidelines, OWASP top
> > ten, SANS/MITRE top 25, webappsec.org, etc.. For them, a tool which
> > can quickly scan and give out vulnerabilities/ exploits quickly is
> > desired.
> >
> > --
> > Regs,
> > Niranjan
> > _______________________________________________
> > OWASP-Bangalore mailing list
> > OWASP-Bangalore at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-bangalore
> >
>
>
>
> --
> regards
> akash
>
>
> ------------------------------
>
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>
>
> End of OWASP-Bangalore Digest, Vol 15, Issue 13
> ***********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20090227/fde68bce/attachment.html 


More information about the OWASP-Bangalore mailing list