RE: Pen testing web servers

From: Erin Carroll (amoebaamoebazone.com)
Date: Sat Dec 20 2008 - 00:04:19 CST


On the commercial side, what does NTOspider offer or do better than an
Appscan or WebInspect? I haven't had any hands-on time with NTOspider so am
curious.

--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"I cannot brain today, I have the dumb"

> -----Original Message-----
> From: listbouncesecurityfocus.com
> [mailto:listbouncesecurityfocus.com] On Behalf Of Adriel T. Desautels
> Sent: Friday, December 19, 2008 7:08 PM
> To: Kevin P Biggs
> Cc: pen-testsecurityfocus.com
> Subject: Re: Pen testing web servers
>
> So you probably want a free tool.
>
> If I were you I'd check out Burp Suite. It can help you assess the
> security of your application at a very deep level if you know what you
> are doing. If you want to pay for something like a scanner, well I
> can't really recommend one. I have yet to find one that I'm at all
> impressed by aside from *maybe* NTOspider... but I'm still on the
> fence there...
>
> On Dec 19, 2008, at 9:35 PM, Kevin P Biggs wrote:
>
> > It's for pentesting my own web server that I will be running
> > WordPress, some forum software, and other things on ...
> > Adriel T. Desautels wrote:
> >> Kevin,
> >> Are you looking to pentest your own web application or someone
> >> else's? It's an important question because the answer will determine
> >> the tool.
> >>
> >>
> >> On Dec 19, 2008, at 6:10 PM, Kevin P Biggs wrote:
> >>
> >>> What does everyone consider the best pen tool for testing web
> >>> servers?
> >>> I have tried Nessus.
> >>> What tool(s) do you recommend?
> >>>
> >>> -------------------------------------------------------------------
> -----
> >>> This list is sponsored by: Cenzic
> >>>
> >>> Security Trends Report from Cenzic
> >>> Stay Ahead of the Hacker Curve!
> >>> Get the latest Q2 2008 Trends Report now
> >>>
> >>> www.cenzic.com/landing/trends-report
> >>> -------------------------------------------------------------------
> -----
> >>>
> >>
> >> Adriel T. Desautels
> >> ad_listsnetragard.com
> >>
> >>
> >>
> >>
> >
>
> Adriel T. Desautels
> ad_listsnetragard.com
