WebInspect is designed specifically for web application security assessments. There's a fully-functional evaluation download. www.spidynamics.com/download.html Also check out the "On web application audits" thread on the www-mobile-code list from this week. Norman Cook's post goes into detail on tools. http://www.securityfocus.com/cgi-bin/archive.pl?id=107&mid=215692&start=2001 -09-21&end=2001-09-27 Kevin. ----- Original Message ----- From: "Dom De Vitto" <Domat_private> To: <pen-testat_private>; <vuln-devat_private> Sent: Monday, September 24, 2001 7:17 AM Subject: Web Application Testers. > I've just been reading about Sanctum's AppScan, which appears to be on the > right track, but I've nothing to compare it to... > > Any advice/experience. > > FYI, AppScan breaks/subverts web applications - there are plenty of tools > to break web servers (apache/IIS), but it looks like appscan is on it's own > on the test-the-bespoke-web-app front. > > Thanks all, in advance, > Dom > > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > >
This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 03:30:35 PDT