[Owasp-vancouver] Web Application Scanners

Rui Pereira wavefront1 at shaw.ca
Fri Oct 22 09:37:46 EDT 2010


Some updates to Yvan's (OWASP's) list:

Commercial

Syhunt Sandcat, http://www.syhunt.com 

Free / Open Source

Paros Proxy dates from 2005. An updated fork of Paros called ZAP is available
- http://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Ratproxy - http://code.google.com/p/ratproxy 

Thank You 

Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC 
Principal Consultant 

WaveFront Consulting Group 
Certified Information Systems Security Professionals 

wavefront1 at shaw.ca | www.wavefrontcg.com | 1 604 961-0701 

-----Original Message-----
From: owasp-vancouver-bounces at lists.owasp.org
[mailto:owasp-vancouver-bounces at lists.owasp.org] On Behalf Of Yvan Boily
Sent: October-22-10 3:47 AM
To: owasp-vancouver at lists.owasp.org
Subject: [Owasp-vancouver] Web Application Scanner

Here is a list of currently available scanners, taken from
http://projects.webappsec.org/Web-Application-Security-Scanner-List

*Commercial Tools*

   - Acunetix WVS <http://www.acunetix.com/> by Acunetix
   - AppScan <http://www-01.ibm.com/software/awdtools/appscan/> by IBM
   - Burp Suite Professional <http://portswigger.net/suite/pro.html> by
   PortSwigger
   - Hailstorm <http://www.cenzic.com/products/software/overview/> by Cenzic
   - MileScan Web Security Auditor <http://www.milescan.com/hk/> by MileSCAN
   Technologies
   - N-Stalker <http://nstalker.com/products/> by N-Stalker
   - Nessus <http://www.nessus.org/> by Tenable Network Security
   - NetSparker <http://www.mavitunasecurity.com/> by Mavituna Security
   - NeXpose <http://www.rapid7.com/products/> by Rapid7
   - NTOSpider <http://www.ntobjectives.com/products/ntospider.php> by
   NTObjectives
   - Retina Web Security Scanner <http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx> by eEye Digital Security
   - WebApp360 <http://www.ncircle.com/index.php?s=products_webapp360> by nCircle
   - WebInspect <https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200%5E9570_4000_100__> by HP
   - WebKing <http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=319> by Parasoft
   - Websecurify <http://www.websecurify.com/> by GNUCITIZEN



*Software-as-a-Service Providers*

   - AppScan OnDemand <http://www-01.ibm.com/software/awdtools/appscan/ondemand/> by IBM
   - ClickToSecure <http://www.cenzic.com/products/saas/ctsARC/> by Cenzic
   - QualysGuard Web Application Scanning <http://www.qualys.com/products/qg_suite/was/> by Qualys
   - Sentinel <http://whitehatsec.com/home/services/services.html> by WhiteHat
   - Veracode Web Application Security <http://www.veracode.com/solutions/web-application-security-dynamic-testing.html> by Veracode
   - WebInspect <https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200%5E9570_4000_100__> by HP
   - WebScanService <http://www.german-websecurity.com/en/products/webscanservice/> by Elanize KG



*Free / Open Source Tools*

   - Grabber <http://rgaucher.info/beta/grabber/> by Romain Gaucher
   - Grendel-Scan <http://grendel-scan.com/> by David Byrne and Eric Duprey
   - Paros <http://parosproxy.org/> by Chinotec
   - Powerfuzzer <http://www.powerfuzzer.com/> by Marcin Kozlowski
   - SecurityQA Toolbar <https://www.isecpartners.com/SecurityQAToolbar.html> by iSEC Partners
   - Skipfish <http://code.google.com/p/skipfish/> by Michal Zalewski
   - W3AF <http://w3af.sourceforge.net/> by Andres Riancho
   - Wapiti <http://wapiti.sourceforge.net/> by Nicolas Surribas
   - Watcher <http://websecuritytool.codeplex.com/> by Casaba Security
   - Websecurify <http://www.websecurify.com/> by GNUCITIZEN


