|
|
Penetration Testing
Nmap Sep 30 2011 09:17PM Ukpong (ukpong ukpong gmail com) (3 replies) Re: Nmap Oct 02 2011 02:37AM Jeffory Atkinson (jatkinson zelvin com) (1 replies) Re: Nmap Oct 02 2011 09:35PM John M. Martinelli (john martinelli redlevel org) (2 replies) Opinions on Burp Suite Web App Scanner Oct 12 2011 03:31PM Derrenbacker, L. Jonathan (JDerrenbacker KSHGS com) (5 replies) RE: Opinions on Burp Suite Web App Scanner Oct 12 2011 04:41PM Ben de Bont (bendebont gmail com) (1 replies) Re: Opinions on Burp Suite Web App Scanner Oct 19 2011 05:15AM Meenal Mukadam (meenal mukadam gmail com) (1 replies) |
|
Privacy Statement |
If you want to verify your web app is secure, then get a pentester to
do the job.
Burp is meant to be a helping hand to the pentester, not an assurance tool.
BR,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras
---
The information contained in this communication is intended solely
for the use of the individual or entity to whom it is addressed
and others authorized to receive it. It may contain confidential
or legally privileged information. If you are not the intended
recipient you are hereby notified that any disclosure, copying,
distribution or taking any action in reliance on the contents of
this information is strictly prohibited and may be unlawful.
If you have received this communication in error, please notify the
sender immediately by responding to this email and then delete
it from your system.
On Wed, Oct 19, 2011 at 8:15 AM, Meenal Mukadam
<meenal.mukadam (at) gmail (dot) com [email concealed]> wrote:
>
> Dear Jon,
>
> Webscarab was my #1 but after using Burp I had to hand over the #1
> title to Burp Suite. Many 'on-the-fly' options for testing makes it a
> pentesters best friend. You can also refer to this article if you want
> more information about different scanners and their accuracy:
> http://ha.ckers.org/blog/20100203/accuracy-and-time-costs-of-web-applica
tion-security-scanner-report/
>
> Regards,
> Meenal Mukadam
>
>
> On Wed, Oct 12, 2011 at 10:41 AM, Ben de Bont <bendebont (at) gmail (dot) com [email concealed]> wrote:
> >
> > BurpSuite is my pen-test teams tool of choice. The spider and scanner are
> > great, and it has a lot of other functionality that is very useful. It is
> > also cheap - get it.
> >
> > - Ben de Bont
> >
> > -----Original Message-----
> > From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
> > Behalf Of Derrenbacker, L. Jonathan
> > Sent: Wednesday, October 12, 2011 8:31 AM
> > To: pen-test (at) securityfocus (dot) com [email concealed]
> > Subject: Opinions on Burp Suite Web App Scanner
> >
> > I have budget for a web app vulnerability scanner, and I was wondering if
> > anyone has opinions on the professional version Burp Suite with the scanner
> > option.
> > Is the scanner any good? Accurate?
> >
> > This is the website if anyone doesn't know what it is:
> > http://portswigger.net/burp/scanner.html
> >
> >
> >
> > Thanks,
> > Jon
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can actually
> > do a proper penetration test. IACRB CPT and CEPT certs require a full
> > practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
> >
> >
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
> >
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]