Penetration Testing
OWASP Top 10 penetration testing software? Feb 28 2012 07:35PM
webcat (matthew mckinzie lewin com) (7 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 09:40PM
Nathalie Vaiser (nvaiser gmail com)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:50PM
David Mirza (dma subgraph com)
On 02/28/2012 02:35 PM, webcat wrote:
> Hi, for one of my websites, I have been required to use a web application
> scanner that tests against the OWASP Top Ten threats. I'm looking for a
> scanner that does this that is inexpensive or free.
>
> Possible scanners I've found for this include the OWASP Zed Attach Proxy
> Project, Sonar, and w3af, but none of these explicitly tests against the
> OWASP Top Ten threats (at least not that I can tell).
>
> Does anyone know of a scanner that does test against the OWASP Top Ten
> threats? Thank you!

We have written a web scanner and intercepting proxy called Vega, it's in beta. It's free and open source, you should check it out. It's really not possible for one magic automated tool to check for all of the Owasp Top 10 issues (#3, #7..). For comprehensive coverage, you will need to take a hybrid automated/manual approach.

We're working on a new release and looking for feedback, so I recommend you grab the develop branch from github (for now) to see some of the newest features. We'll put up a proper build soon.

Download the beta build: http://www.subgraph.com
Source: http://github.com/subgraph/Vega

Detailed write-up in February's (IN)Secure magazine:
http://www.net-security.org/dl/insecure/INSECURE-Mag-33.pdf

In the case of Windows, if you (or anyone) ping me directly with your platform details I can give you a build.

--
David Mirza Ahmad <dma (at) subgraph (dot) com [email concealed]> | @attractr
Subgraph | @subgraph
Vega, the Open Source Web Security Platform
http://www.subgraph.com

E73B E35A 0D3A FC28 E5A9 5266 21EB 2FBC 1C84 0AA5

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:44PM
psiinon (psiinon gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? Mar 05 2012 11:00AM
Zaki Akhmad (zakiakhmad gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? Mar 05 2012 11:17AM
psiinon (psiinon gmail com) (1 replies)
RE: OWASP Top 10 penetration testing software? Mar 05 2012 05:46PM
Adam Behnke (adam infosecinstitute com)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:33PM
Tim Gonzales (tim gonzales gmail com)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:15PM
martin mngoma gmail com (1 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:44PM
Robert Wood (robertwood50 gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:53PM
martin mngoma gmail com
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:09PM
Michele Orru (antisnatchor gmail com)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:07PM
M. Hani Benhailes (kroosec gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 08:32PM
webcat (matthew mckinzie lewin com)


 

Privacy Statement
Copyright 2010, SecurityFocus