WebApp Sec mailing list archives

RE: OWASP Top 10 Demonstration CodeLooking for pen test open source tools


From: "Sebastien Deleersnyder" <sdl () ascure com>
Date: Mon, 10 Oct 2005 23:59:44 +0200

Hi,

The OWASP tool for this is WebScarab
http://www.owasp.org/software/webscarab.html
The learning curve is somewhat steeper, but once you get this up and
running you'll notice that a lot can be achieved with it.

A commercial tool that's not too expensive (about 250 Euro) is VForce 
at http://solutions.virtualforge.net/sol_vforce_en.php

Remark that these tools allow you to manually test web app security. 
There are no - or limited - automated tests incorporated.
Automated 'open-source' scan tools are e.g. nikto or nessus.

Regards,

Sebastien

-----Original Message-----
From: Stephen de Vries [mailto:stephen () corsaire com] 
Sent: Monday 10 October 2005 11:57
To: mike03051 () yahoo com
Cc: webappsec () securityfocus com
Subject: Re: OWASP Top 10 Demonstration CodeLooking for pen test open
source tools


For a point and shoot (free) tool, Paros (www.parosproxy.org) is
probably your best bet.  But even more effective than Paros on its own
is to read the OWASP guide to building secure web applications and then
apply that knowledge using Paros.

Stephen


On 9 Oct 2005, at 20:49, <mike03051 () yahoo com> wrote:

Hi All,

I am looking for an open source pen-test suite that can be used to 
point at one of my web sites.

I know this is a touchy subject. There are commercial tools out there 
that perform these functions, but for small businesses this is a roll 
of the dice pricy as you may not know exactly how good these tools 
are.

Any recommendations? Did I miss some tools on OWASP?

Thank you,
Mike








