WebApp Sec mailing list archives
RE: Open Source Application Vulnerability Assessment Tools
From: "Arian J. Evans" <arian.evans () anachronic com>
Date: Sun, 1 Oct 2006 16:39:48 -0500
The lack of info is because, in this domain, there really isn't anything in the "automated web app scanner" domain worth using. For manual testing, there are a ton of tools. Undertaking the creation of one is challenging. The variables are certainly far, far higher than harnessing a scripted testing engine and regex matcher to a port scanner/protocol fingerprinter, a'la Nessus. This is a much harder problem, more variables, and not many folks do a good job at it. (These are smart folks too, but it's a hard problem). </free_lunch> -ae
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Aman Raheja Sent: Thursday, September 28, 2006 4:01 PM To: Brokken, Allen P.; webappsec () securityfocus com Subject: Re: Open Source Application Vulnerability Assessment Tools Some tools are listed here http://sectools.org/web-scanners.html Aman Raheja, CISSP PGP Key: www.techquotes.com/araheja.asc On Wed, 27 Sep 2006 14:40:19 -0500, "Brokken, Allen P." <BrokkenA () missouri edu> wrote :On this list we talk a lot about various vendor providedtools quite abit. In general it appears most solutions areWindows-centric in theirinstallation even if they work against multiple platforms. With the prevalence of LAMP systems I would figure theremust be somemeans of doing a security assessment on their applicationswith nativetools. It seems odd to me that there isn't a NESSUS equivalent for application testing. I'm wondering what is available from the Open Source community in the way of * Black Box web assessment software * Source code assessment software * Assessment management software I'm more looking for names/urls to projects than I am for any comparisons or descriptions. Allen Brokken Information Security and Account Management - IAT Services- Universityof Missouri -brokkena () missouri edu - (573)884-8708-------------------------------------------------------------- -----------Sponsored by: Watchfire It's been reported that 75% of websites are vulnerable toattack. That'sbecause hackers know to exploit weaknesses in web applications. Traditional approaches to securing these assets no longerapply. Downloadthe "Addressing Challenges in Application Security"whitepaper today, andsee for yourself.https://www.watchfire.com/securearea/whitepapers.aspx?id=70150 0000008Vmw-------------------------------------------------------------- -------------------------------------------------------------------------- ----------- Sponsored by: Watchfire It's been reported that 75% of websites are vulnerable to attack. That's because hackers know to exploit weaknesses in web applications. Traditional approaches to securing these assets no longer apply. Download the "Addressing Challenges in Application Security" whitepaper today, and see for yourself. https://www.watchfire.com/securearea/whitepapers.aspx?id=70150 0000008Vmw -------------------------------------------------------------- ------------
------------------------------------------------------------------------- Sponsored by: Watchfire It's been reported that 75% of websites are vulnerable to attack. That's because hackers know to exploit weaknesses in web applications. Traditional approaches to securing these assets no longer apply. Download the "Addressing Challenges in Application Security" whitepaper today, and see for yourself. https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmw --------------------------------------------------------------------------
Current thread:
- RE: Open Source Application Vulnerability Assessment Tools Arian J. Evans (Oct 01)
- <Possible follow-ups>
- RE: Open Source Application Vulnerability Assessment Tools Arian J. Evans (Oct 02)