Full Disclosure mailing list archives
Re: Web application Security Scanner
From: Frederic Charpentier <fcharpen () xmcopartners com>
Date: Tue, 14 Jun 2005 11:08:31 +0200
Hi.An efficient program, capable of finding unknown vulnerabilities in web application, does not exist.
Nikto, Ns-stealth are usefull, but they will never do a proper audit.Paros, Sleuth and Spike are really usefull to find unknown vulnerabilites, but they are not automatic. Someone needs to be in front of the screen to interpret the behaviour of the application.
Fred tgoogle wrote:
Did you know the best Web app security scanner? I need scanner, which would find SQL injections, XSS, php include and other bug in unknown Web application. Thanks _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Frederic Charpentier - Xmco Partners Security Consulting / Pentest web : http://www.xmcopartners.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Web application Security Scanner tgoogle (Jun 13)
- RE: Web application Security Scanner alex (Jun 13)
- Re: Web application Security Scanner deepquest (Jun 13)
- Re: Web application Security Scanner tgoogle (Jun 13)
- Re: Web application Security Scanner Valdis . Kletnieks (Jun 13)
- Re: Web application Security Scanner tgoogle (Jun 13)
- Re: Web application Security Scanner Frederic Charpentier (Jun 14)
- <Possible follow-ups>
- RE: Web application Security Scanner tgoogle (Jun 13)
- RE: Web application Security Scanner Todd Towles (Jun 13)
- RE: Web application Security Scanner alex (Jun 13)
- Re: Web application Security Scanner Valdis . Kletnieks (Jun 13)
- RE: Web application Security Scanner alex (Jun 13)