Sla.ckers.org
This is a place for us to start seriously talking about vendors. Who's great, who's not, what's it cost, how does it relate to their competitors and would we buy it? A place to talk about snakeoil, and brilliant products alike. Marketing fluff is forbidden. 
web app scanner
Posted by: toolbox
Date: January 11, 2010 11:06AM

Hello sla.ckers.org posters,

I'm looking for recommendations on a generally easy-to-use web application scanner. It doesn't need to be free. It can be an application or server-based, but I'd like to steer clear of appliances.

I need one that can handle form, cookie, HTTP, and NTLM authentication and provides decent reporting and logging. Missing critical but hard-to-find vulnerabilities is acceptable, as long as the tool catches the most common issues (XSS, plain text credentials, injection, etc.) quickly.

Thanks for the opinions. :-D

Re: web app scanner
Posted by: br0kan
Date: January 11, 2010 02:52PM

Well, you've got a lot of options here if you're willing to pay... here are a few (in no particular order):

1. IBM Rational AppScan (multiple versions)
2. HP WebInspect (multiple versions)
3. Cenzic Hailstorm (multiple versions)
4. Acunetix WVS
5. NT Objectives NTOspider
6. nStalker Enterprise Edition
7. Burp Proxy

If I were you, I would also strongly consider WhiteHat Sentinel; despite the fact that it's not an application-based scanner, it's one of the better solutions out there.

Here is a report summary on some of these solutions:
http://www.whitehatsec.com/home/assets/reports/EMA_AppSecurity09SUMMARY.PDF

Re: web app scanner
Posted by: youstar
Date: March 04, 2010 08:43AM

web.vulnerability.scanner.6.5
