[OWASP-Bangalore] Suggestion for a good Web security scanner

vedantam.sekhar at emc.com
Fri Feb 4 03:49:13 EST 2011


Hi Natarajan,

Not sure if you have already evaluated these, but some other commercial scanners I know are Cenzic, WebInspect, AppScan. I heard false positives are fewer in Cenzic but the tool is not user friendly. WebInspect is easy to navigate and gives users multiple options to customize their scans with various crawling methods. Privilege escalation checks and some of the authorization checks can be done in Cenzic but are not available with WebInspect. On the pricing part, I think WebInspect is costlier than Cenzic.

Thank you,

SEKHAR

From: vedantam.sekhar at emc.com [mailto:vedantam.sekhar at emc.com]
Sent: Friday, February 04, 2011 1:12 PM
To: owasp-bangalore at lists.owasp.org; owasp-chennai at lists.owasp.org
Subject: RE: [OWASP-Bangalore] Suggestion for a good Web security scanner

Hi Natarajan,

Not sure if you have already evaluated these, but some other commercial scanners I know are Cenzic, WebInspect, AppScan. I heard false positives are fewer in Cenzic but the tool is not user friendly. WebInspect is easy to navigate and gives users multiple options to customize their scans with various crawling methods. Privilege escalation checks and some of the authorization checks can be done in Cenzic but are not available with WebInspect. On the pricing part, I think WebInspect is costlier than Cenzic.

Thank you,

SEKHAR

From: owasp-bangalore-bounces at lists.owasp.org [mailto:owasp-bangalore-bounces at lists.owasp.org] On Behalf Of Rajagopal Natarajan
Sent: Wednesday, February 02, 2011 11:09 PM
To: owasp-bangalore at lists.owasp.org; owasp-chennai at lists.owasp.org
Subject: [OWASP-Bangalore] Suggestion for a good Web security scanner

Hi Fellow OWASPers,

I've been trying to evaluate tools that would help me find XSS and other security loopholes on a given site.

Scanmus is one that is not available to anyone outside of Yahoo!
Acunetix is another that I found.
Burp Suite Professional doesn't let users trial the software before buying it.
It is difficult to evaluate this software without getting hold of a copy.

Any suggestions or pointers from your experiences would be highly appreciated.

PS: Excuse me for cross-posting to the Bangalore and Chennai lists, in case there are people subscribed to both.

Thanks,
Rajagopal