WebApp Sec mailing list archives
RE: OWASP Top 10 Demonstration CodeLooking for pen test open source tools
From: "Sebastien Deleersnyder" <sdl () ascure com>
Date: Mon, 10 Oct 2005 23:59:44 +0200
Hi,

The OWASP tool for this is WebScarab
http://www.owasp.org/software/webscarab.html

The learning curve is somewhat steeper, but once you get this up and running you'll notice that a lot can be achieved with it.

A commercial tool that's not too expensive (about 250 Euro) is VForce at
http://solutions.virtualforge.net/sol_vforce_en.php

Remark that these tools allow you to manually test web app security. There are no - or limited - automated tests incorporated.

Automated 'open-source' scan tools are e.g. nikto or nessus.

Regards,
Sebastien

-----Original Message-----
From: Stephen de Vries [mailto:stephen () corsaire com]
Sent: maandag 10 oktober 2005 11:57
To: mike03051 () yahoo com
Cc: webappsec () securityfocus com
Subject: Re: OWASP Top 10 Demonstration CodeLooking for pen test open source tools

For a point and shoot (free) tool, Paros (www.parosproxy.org) is probably your best bet. But even more effective than Paros on its own is to read the OWASP guide to building secure web applications and then apply that knowledge using Paros.

Stephen

On 9 Oct 2005, at 20:49, <mike03051 () yahoo com> wrote:
Hi All,

I am looking for an open source pen-test suite that can be used to point at one of my web sites. I know this is a touchy subject. There are commercial tools out there that perform these functions, but for small businesses this is a roll of the dice pricy as you may not know exactly how good these tools are.

Any recommendations? Did I miss some tools on OWASP?

Thank you,
Mike