WebApp Sec mailing list archives
Automagic webapp testing tools
From: <inflatablekiwi () gmail com>
Date: 9 Mar 2005 08:02:29 -0000
Hi Folks,

I currently use SPI WebInspect as part of a process for vulnerability assessments/pen tests on different web applications. The license is up for renewal soon and before re-purchasing, I'm wondering if anyone on the list has any real world thoughts/experiences on how it stacks up against some of the alternatives like

- Watchfire Appscan
- Kavado ScanDo
- Any others I've missed

Any list members' thoughts (on or off the list) or pointers to good product comparisons for these would be much appreciated.

I'm more of a believer in manual testing myself (yay Netcat and WebScarab!), but I also see the value in these sorts of tools.

Ta,
IF

P.S. Also as a totally random aside - I've recently been reading a couple of different security vendors' pen test reports for similar profile web sites and I'm amazed by the analysis disparity on the same simple issues (like track and trace verbs being enabled - ranging from "Extreme Risk - The sky is falling - you will be owned now" to "Low risk - disable these verbs and move along"). Just saying.