HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 54 guests and 1 member online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Resourcesarrow Toolsarrow Web App Pen Testing Products
EH-Net
May 22, 2013, 09:54:38 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Web App Pen Testing Products  (Read 6174 times)
0 Members and 1 Guest are viewing this topic.
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« on: March 30, 2006, 03:20:54 PM »
Rooting Out Web App Holes 
By Jim Rapoza (eWeek Mag)
March 13, 2006

Review: Web application penetration-testing tool veterans WebInspect and AppScan show they still have the right security stuff.
Despite all the attention that security holes in various operating systems get, the most likely avenue for successfully compromising a corporate system is a poorly developed Web-based application. It's essential, therefore, for developers to find potential problems before deploying a Web application to a live site.

That's where Web application penetration-testing products come in. These tools let developers perform exhaustive application scans to find known security holes or even poorly designed code that could potentially lead to a security breach.

For full story:
http://www.eweek.com/article2/0,1759,1937372,00.asp

Podcast with Peter Coffee and Jim Rapoza looks at recent reviews of Web security products:
http://www.eweek.com/article2/0,1759,1939546,00.asp

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
Dengar13
Sr. Member
****
Offline Offline

Posts: 380



View Profile
« Reply #1 on: March 30, 2006, 03:34:49 PM »
I will vouch that Webinspect is the real deal!  It rips the web server and finds tons of stuff, the reporting is sweet and it is worth the steep price if you are serious about web security.  My company had a 30 free trial to scan 1 IP address and the damn thing yielded a 450+ page report.  The box we tested was unpatched and an old version if IIS and it found everything from XSS to SQL injections and beyond.  It scans for HIPAA, PCI, Sarbanes-Oxley requirements by themselves or combined.  I highly suggest this product!!!  5 stars!
Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
Dengar13
Sr. Member
****
Offline Offline

Posts: 380



View Profile
« Reply #2 on: March 30, 2006, 03:36:18 PM »
Of course if you can't afford Webinspect, I recommend SARA and Nikto together.  They aren't as in-depth or as robust but are good nonetheless.
Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
tmartin
Recruiters
Newbie
*
Offline Offline

Posts: 46


View Profile
« Reply #3 on: March 31, 2006, 07:37:05 AM »
Thanks for the input. Did your co buy it?
Logged
Dengar13
Sr. Member
****
Offline Offline

Posts: 380



View Profile
« Reply #4 on: March 31, 2006, 08:07:59 AM »
No not yet.  I think that once we get certified we may buy it.  It is pretty expensive like I think but don't quote me $20,000 for one machine and can scan unlimited number of IP addresses.  They give you a registry key that locks/binds the registration to only that specified machine.  We had a 30 day trial one one machine to scan 1 IP address.  I am lobbying for us to buy it.
Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.089 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.