WebApp Sec mailing list archives

Re: Web Application Source Vulnerability Scanners


From: "Dave Aitel" <dave () immunitysec com>
Date: Sat, 1 Mar 2003 17:26:59 +1300

SPIKE Proxy is the best one *I* know of. :>

Hit packetstorm or wiretapped.com to download it for Windows or Unix (it's
Python and GPL) until Immunity's connectivity recovers from Verizon.

Dave Aitel
Network Support
Immunity, Inc.
www.immunitysec.com

----- Original Message -----
From: "Rosado, Rafael (Rafael)" <rarosado () lucent com>
To: <webappsec () securityfocus com>; <cisspforum () yahoogroups com>
Sent: Friday, February 28, 2003 8:26 AM
Subject: Web Application Source Vulnerability Scanners


Does anyone know of open source vulnerability scanners in the Web
Application Source Code security market segment?  I am familiar and aware of
the most common commercial tools (AppScan from Sanctum and WebInspect from
SPI Dynamics).  The Open Web Application Security Project (OWASP)
has started the development of an open source Web Application Vulnerability
scanner called WebScarab; however, it is in the early stages of development.

Any assistance on identifying specific open source tools (names and web
sites where to download) is greatly appreciated.

Rafael Rosado, CISSP, CISA
IT Security Manager
Caribbean and Latin America Region (CALA) &
Global Risk Assessment and Penetration Testing
Lucent Technologies O
Corporate Security
Business Assurance and Risk Mitigation Services (B.A.R.M.S.)
2400 SW 145th Avenue - Room 3S039
Miramar, Florida 33027
+1 954-885-2176 (voice) *
+1 954-885-3861 (fax) *
+1 954-648-3532 (mobile) or 9546483532 () mobile att net (text message) *
rarosado () lucent com (email) *

This electronic mail message contains information belonging to Lucent
Technologies, which may be confidential and/or legally privileged. The
information is intended only for the use of the individual or entity named
above. If you are not the intended recipient, you are hereby notified that
any disclosure, printing, copying, distribution, or the taking of any action
in reliance on the contents of this electronically mailed information is
strictly prohibited. If you receive this message in error, please
immediately notify us by electronic mail and delete this message.




