WebInspect is designed specifically for web application security
assessments. There's a fully-functional evaluation download.
www.spidynamics.com/download.html
Also check out the "On web application audits" thread on the
www-mobile-code list from this week. Norman Cook's post goes into detail on
tools.
http://www.securityfocus.com/cgi-bin/archive.pl?id=107&mid=215692&start=2001
-09-21&end=2001-09-27
Kevin.
----- Original Message -----
From: "Dom De Vitto" <Domat_private>
To: <pen-testat_private>; <vuln-devat_private>
Sent: Monday, September 24, 2001 7:17 AM
Subject: Web Application Testers.
> I've just been reading about Sanctum's AppScan, which appears to be on the
> right track, but I've nothing to compare it to...
>
> Any advice/experience.
>
> FYI, AppScan breaks/subverts web applications - there are plenty of tools
> to break web servers (apache/IIS), but it looks like appscan is on it's
own
> on the test-the-bespoke-web-app front.
>
> Thanks all, in advance,
> Dom
>
>
>
> --------------------------------------------------------------------------
--
> This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
see:
> https://alerts.securityfocus.com/
>
>
This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 03:30:35 PDT