[OWASP-Bangalore] [Owasp-Mumbai] [OCC] Website Vulneralibility tool

Bipin Upadhyay muxical.geek at gmail.com
Tue Feb 9 14:23:46 EST 2010

Automated discovery will never discover "all" vulnerabilities.
Think about this way, do you really want to find out all CSRF holes in 
your app? How exactly does an app discover a logic flaw?

In any case, w3af would be a nice open source start. If you got moolah, 
there are tons of neat tools from SpiDynamics, Watchfire, Acunetix, 
Armorize etc.
It may also be a good idea to involve source code analysis (provided you 
have access to the source).

--Bipin Upadhyay.

On 2/10/2010 12:25 AM, Raxit Sheth wrote:
> X'posting to more relavnt list
> Raxit Sheth
> www.m4mum.com <http://www.m4mum.com>
> On Wed, Feb 10, 2010 at 12:20 AM, Sudhakar <sudhakar.arveti at gmail.com 
> <mailto:sudhakar.arveti at gmail.com>> wrote:
>     Hi guys,
>      What is the best Vulnerability tool to check vulnerability of a
>     website?
>     I went through some tools on the web but most of them are giving only
>     one of the service(e.g. xss,sql injection) .. etc.
>     Can anyone suggest me any vulnerability tool by which i can check
>     vulnerability of website?
>     Thanks,
>     Sudhakar.
>     --
>     You received this message because you are subscribed to the Google
>     Groups "OpenCoffeeClubAtBangalore" group.
>     To post to this group, send email to bangaloreocc at googlegroups.com
>     <mailto:bangaloreocc at googlegroups.com>.
>     To unsubscribe from this group, send email to
>     bangaloreocc+unsubscribe at googlegroups.com
>     <mailto:bangaloreocc%2Bunsubscribe at googlegroups.com>.
>     For more options, visit this group at
>     http://groups.google.com/group/bangaloreocc?hl=en.
> _______________________________________________
> OWASP-Mumbai mailing list
> OWASP-Mumbai at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-mumbai

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20100210/23dc7df3/attachment.html 

More information about the OWASP-Bangalore mailing list