The Ethical Hacker Network - Web App Pen Testing Products

Latest Additions

Who's Online

EH-Net Donations

Google Ads

EH-Net News Feeds

Latest Additions

Book Recommendations

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 2380

Editor-In-Chief

Web App Pen Testing Products

« on: March 30, 2006, 03:20:54 PM »

Rooting Out Web App Holes
By Jim Rapoza (eWeek Mag)
March 13, 2006

Review: Web application penetration-testing tool veterans WebInspect and AppScan show they still have the right security stuff.

Despite all the attention that security holes in various operating systems get, the most likely avenue for successfully compromising a corporate system is a poorly developed Web-based application. It's essential, therefore, for developers to find potential problems before deploying a Web application to a live site.

That's where Web application penetration-testing products come in. These tools let developers perform exhaustive application scans to find known security holes or even poorly designed code that could potentially lead to a security breach.

For full story:
http://www.eweek.com/article2/0,1759,1937372,00.asp

Podcast with Peter Coffee and Jim Rapoza looks at recent reviews of Web security products:
http://www.eweek.com/article2/0,1759,1939546,00.asp

Don


	Logged

CISSP, MCSE, CEH, Security+ SME

Dengar13

Full Member

Offline

Posts: 224

Re: Web App Pen Testing Products

« Reply #1 on: March 30, 2006, 03:34:49 PM »

I will vouch that Webinspect is the real deal! It rips the web server and finds tons of stuff, the reporting is sweet and it is worth the steep price if you are serious about web security. My company had a 30 free trial to scan 1 IP address and the damn thing yielded a 450+ page report. The box we tested was unpatched and an old version if IIS and it found everything from XSS to SQL injections and beyond. It scans for HIPAA, PCI, Sarbanes-Oxley requirements by themselves or combined. I highly suggest this product!!! 5 stars!


	Logged

A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!

Dengar13

Full Member

Offline

Posts: 224

Re: Web App Pen Testing Products

« Reply #2 on: March 30, 2006, 03:36:18 PM »

Of course if you can't afford Webinspect, I recommend SARA and Nikto together. They aren't as in-depth or as robust but are good nonetheless.


	Logged

A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!

tmartin

Recruiters
Newbie

Offline

Posts: 46

Re: Web App Pen Testing Products

« Reply #3 on: March 31, 2006, 07:37:05 AM »

Thanks for the input. Did your co buy it?


	Logged

Dengar13

Full Member

Offline

Posts: 224

Re: Web App Pen Testing Products

« Reply #4 on: March 31, 2006, 08:07:59 AM »

No not yet. I think that once we get certified we may buy it. It is pretty expensive like I think but don't quote me $20,000 for one machine and can scan unlimited number of IP addresses. They give you a registry key that locks/binds the registration to only that specified machine. We had a 30 day trial one one machine to scan 1 IP address. I am lobbying for us to buy it.


	Logged

A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!

Pages: [1] Go Up

« previous next »

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!

Recent Forum Topics

Network Pen Testing : An Ethical Hacker must have these skills... (44) by Lancewang
Other : LZMA Decompression Help (5) by blueback00
Network Pen Testing : Firecat 1.4 (0) by sbsb
Career Central : Where do I start. (1) by vijay2
Forensics : The Julie Amero Case: A Dangerous Farce (2) by pseud0
News from the Outside World : [TheRegister] Apple tells Mac users: Get anti-virus (0) by jimbob
Programming : not static? (7) by RoNNie_13
Calendar Of Events : BOSS Conference 2009 (0) by don
Calendar Of Events : CSI SX 2009 (0) by don
Calendar Of Events : Security OPUS Spring 2009 (0) by don
Calendar Of Events : CanSecWest 2009 (0) by don
Calendar Of Events : Carolinacon 2009 (0) by don
Calendar Of Events : Black Hat USA 2009 (0) by don
Calendar Of Events : Black Hat Europe 2009 (0) by don
Calendar Of Events : Black Hat DC 2009 (0) by don
Calendar Of Events : Cyber Warfare 2009 (0) by don
Calendar Of Events : White Hat Ball 2009 (0) by don
Calendar Of Events : RSA Conference 2009 (0) by don
Calendar Of Events : SOURCE Boston 2009 (0) by don
Calendar Of Events : Notacon 6 (0) by don
Calendar Of Events : ShmooCon 2009 (0) by don
Calendar Of Events : SANS Pen Testing Summit 2009 (0) by don
Calendar Of Events : SANS 2009 (0) by don
Calendar Of Events : SANS Security West 2009 (0) by don
Calendar Of Events : SANS CDI 2008 (0) by don
Other : Early Details of Vista, Server 2008 SP2 Due in April (0) by don
Career Central : 7 Tips for Career Growth in Tight Times (0) by don
Other : Do we or Dont we... (7) by pseud0
Special Events : Pen Testing Perfect Storm Webcast Series: Part 2 - Teaser (6) by don
News from the Outside World : Would you trade your privacy for a smartphone? (5) by jason
Physical Security : Key Duplication from Photos (5) by jason
Career Central : Confused about future (8) by Artful Dodger
Tools : Cain & Abel v4.9.24 Released (1) by RoleReversal
CEH - Certified Ethical Hacker : MSS from EC-Council? (13) by shednik
Book Reviews : Network Intrusion Alert (1) by don
Hardware : Lenovo Introduces Remote Disable Feature for Laptops (16) by jason
Wireless : Jamming by babycam (6) by jason
Other : What kind of lab, machines you have for your security testing? (6) by MadmanTM
Wireless : help wid wifi !!!! (1) by jason
Malware : Military Bans Removable Media (10) by ChrisG

Support EH-Net by Buying all of your Amazon items using the search bar above. Try CBT Nuggets Free!

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!