Re: [WEB SECURITY] Web Application Scanners Comparison

[anantasec <anantasec () googlemail com>]

Hello Ory,

Sure, I'm sorry for not including this information in the initial report.

I've used three machines:

1. Unix machine for testing PHP applications
Operating system: FreeBSD 6.4-RELEASE
Web Server: Apache/2.2.3 (FreeBSD) DAV/2 PHP/5.2.8 mod_ssl/2.2.3
OpenSSL/0.9.7e-p1

relevant .htaccess settings: (placed in the root directory. some
applications may rewrite these settings).
php_value magic_quotes_gpc Off
php_value register_globals On
php_value allow_url_fopen On
php_value allow_url_include On

2. Windows machine for testing Java applications
Operating system: Windows XP Service Pack 2
Web Server: Apache Tomcat 6.0.18
Java Virtual Machine: jre1.6.0_07

3. Windows machine used for testing ASP.NET applications
Operating system: Windows XP Service Pack 2
Web Server: Microsoft-IIS/5.1
ASP.NET versions:
1.1.4322
2.0.50727


On 1/29/09, Ory Segal <SEGALORY () il ibm com> wrote:
> Hello,
>
> Could you be kind enough and share with us the environment on which you
> have installed the web applications? operating system, version, service
> packs, web server type and version, etc.?
>
> Thank you,
> -Ory Segal

-- 
http://anantasec.blogspot.com

-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------