Penetration Testing mailing list archives
RE: Pen testing web servers
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Fri, 19 Dec 2008 22:04:19 -0800
On the commercial side, what does NTOspider offer or do better than an Appscan or WebInspect? I haven't had any hands-on time with NTOspider so am curious. -- Erin Carroll Moderator, SecurityFocus pen-test mailing list "I cannot brain today, I have the dumb"
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adriel T. Desautels Sent: Friday, December 19, 2008 7:08 PM To: Kevin P Biggs Cc: pen-test () securityfocus com Subject: Re: Pen testing web servers So you probably want a free one tool. if I were you I'd check out burp suite. It can help you assess the security of your application at a very deep level if you know what you are doing. If you want to pay for something like a scanner, well I can't really recommend one. I have yet to find one that I'm at all impressed by aside from *maybe* NTOspider... but I'm still on the fence there... On Dec 19, 2008, at 9:35 PM, Kevin P Biggs wrote:Its for pentesting my own web server that I will be running wordpress, some forum software, and other things on ... Adriel T. Desautels wrote:Kevin, Are you looking to pentest your own web application or someone else's? Its an important question because the answer will determine the tool. On Dec 19, 2008, at 6:10 PM, Kevin P Biggs wrote:What does everyone consider the best pen tool for testing web servers? I have tried Nessus. What tool(s) do you recommend? ------------------------------------------------------------------------This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------Adriel T. Desautels ad_lists () netragard comAdriel T. Desautels ad_lists () netragard com ----------------------------------------------------------------------- - This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ----------------------------------------------------------------------- -
------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- Pen testing web servers Kevin P Biggs (Dec 19)
- RE: Pen testing web servers John Babio (Dec 19)
- Re: Pen testing web servers Micah Lee (Dec 19)
- Re: Pen testing web servers Adriel T. Desautels (Dec 19)
- Re: Pen testing web servers Kevin P Biggs (Dec 19)
- Re: Pen testing web servers Adriel T. Desautels (Dec 19)
- RE: Pen testing web servers Erin Carroll (Dec 19)
- Re: Pen testing web servers Adriel T. Desautels (Dec 20)
- Re: Pen testing web servers Kevin P Biggs (Dec 19)
- RE: [Dailydave] Pen testing web servers Brett Moore (Dec 20)
- RE: Pen testing web servers Shenk, Jerry A (Dec 23)
- <Possible follow-ups>
- Re: Pen testing web servers infolookup (Dec 19)