Penetration Testing mailing list archives
Re: Web Application Scanners Comparison
From: Derek Fountain <derekfountain () yahoo co uk>
Date: Wed, 28 Jan 2009 14:06:13 +0000
anantasec wrote:
I've tested 13 web applications (some of them containing a lot of vulnerabilities), 3 demo applications provided by the vendors (testphp.acunetix.com, demo.testfire.net, zero.webappsecurity.com) and I've done some tests to verify Javascript execution capabilities.
You've labelled this piece of Javascript: <script> // simple document.location = '/test_JS_1'; </script>as "A valid vulnerability was reported" by each of the 3 contenders. 5 points each.
I must be missing something. Where's the vulnerability?
Current thread:
- Re: Web Application Scanners Comparison, (continued)
- Message not available
- Re: Web Application Scanners Comparison anantasec (Jan 27)
- Re: Web Application Scanners Comparison Andre Gironda (Jan 28)
- Re: Web Application Scanners Comparison anantasec (Jan 28)
- Message not available
- Re: Web Application Scanners Comparison anantasec (Jan 28)
- Re: Web Application Scanners Comparison anantasec (Jan 28)
- Re: Web Application Scanners Comparison anantasec (Jan 28)
- Re: Web Application Scanners Comparison anantasec (Jan 28)
- Re: Web Application Scanners Comparison anantasec (Jan 28)