EH-Net
Topic: WebApp Vulnerability Scanner Comparison (Read 20833 times)
T_Bone
Full Member, Posts: 199
« on: November 15, 2010, 05:00:15 PM »

Please check out the list of WebApp vulnerability scanners below. We currently use Acunetix at work and our licence is soon to expire (I also use Burp Suite Pro with its built-in scanner). Therefore I would like to see what alternatives you would recommend from experience.

Commercial: Acunetix, Netsparker, Appscan, WebInspect

Open-Source: w3af, Wapiti, GrendelScan, Websecurify, Skipfish

MaXe
Hero Member, Posts: 669
« Reply #1 on: November 16, 2010, 03:38:43 AM »

My preferences are Acunetix and Burp Suite (free, though Pro sounds cool), plus Nikto (open source) and W3AF (open source), mostly.

However, a web app scanner can only do part of the job; you should always check vulnerabilities and potential vulnerabilities manually, since there are some that a scanner may never find, for example the latest 0day in vBulletin.

The possibility of a web app scanner finding that is low, due to the complexity of the attack, including user interaction.

Most of the time I'm using manual methods, especially on well-known web applications, since the web app scanners only find common minor risks, which are good to have included in the report, but it's rare that I see anything really critical.

The power of the scanner is when it comes to iterations, such as looking for files and directories that shouldn't be there, and common vulnerabilities that a hacker might not look for, such as TRACE requests being enabled (which has a very low attack vector), public log files which can't be used to penetrate the target, and perhaps backup files, which can be really useful (and so forth).

Good luck with your future penetration testing of websites and of course your choice of scanner and pentesting framework.
I'm an InterN0T'er
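The items MaXe lists as typical scanner output (TRACE enabled, exposed log files, leftover backup copies) are cheap to close on the server side before any scan runs. The following Apache httpd 2.4 fragment is an added hardening example, not something posted in this thread, and assumes only the stock core and mod_authz_core directives:

```apache
# Added example (not from the thread): Apache httpd 2.4 directives that close
# the low-severity findings a web app scanner reports most often.

# Disable the TRACE method server-wide (core directive; a TRACE probe then gets 405).
TraceEnable off

# Refuse to serve editor/backup copies, dumps and logs that ended up under DocumentRoot.
# FilesMatch compares against the file name only; (?i) makes the match case-insensitive.
<FilesMatch "(?i)\.(bak|old|orig|save|swp|log|sql|tar|gz|zip)$">
    Require all denied
</FilesMatch>

# Block dotfiles as well (.htaccess is already protected by default, .env/.git* are not).
<FilesMatch "^\.">
    Require all denied
</FilesMatch>
```

After reloading, re-running the scanner against a staging copy is the quickest way to confirm these findings have dropped out of the report.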
T_Bone
Full Member, Posts: 199
« Reply #2 on: November 16, 2010, 04:24:57 AM »

MaXe

Yes, I agree a web app scanner is certainly just part of the job, and performing manual testing is actually what forms a penetration test.

I have found that Burp Scanner is pretty good, as it has managed to find vulnerabilities on several occasions where Acunetix didn't detect anything. I also use Nikto and Nessus, but find these are more successful at finding web server vulnerabilities (although my configuration may need tweaking for better results), and DirBuster for hidden and default directories and files, etc.
PhineasGage
Newbie, Posts: 4
« Reply #3 on: January 04, 2011, 05:04:08 AM »

Here's the study "An analysis of Black-box web security scanners" (pdf)

It presents an evaluation of eleven black-box web vulnerability scanners.

"An expert is a person who has made all the mistakes that can be made in a very narrow field." Niels Bohr
H1t M0nk3y
Hero Member, Posts: 865
« Reply #4 on: January 11, 2011, 02:04:27 PM »

And the conclusion is:
Quote:
This paper presented the evaluation of eleven black-box web vulnerability scanners.
The results of the evaluation clearly show that the ability to crawl a web application and
reach “deep” into the application’s resources is as important as the ability to detect the
vulnerabilities themselves.
It is also clear that although techniques to detect certain kinds of vulnerabilities are
well-established and seem to work reliably, there are whole classes of vulnerabilities
that are not well-understood and cannot be detected by the state-of-the-art scanners. We
found that eight out of sixteen vulnerabilities were not detected by any of the scanners.

We have also found areas that require further research so that web application vulnerability
scanners can improve their detection of vulnerabilities. Deep crawling is vital
to discover all vulnerabilities in an application. Improved reverse engineering is necessary
to keep track of the state of the application, which can enable automated detection
of complex vulnerabilities.
Finally, we found that there is no strong correlation between cost of the scanner and
functionality provided as some of the free or very cost-effective scanners performed as
well as scanners that cost thousands of dollars.

Thanks for the link!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
tturner
Sr. Member, Posts: 432
« Reply #5 on: January 11, 2011, 02:09:46 PM »

Sounds like a compelling reason for manual testing to me. That's job security folks!
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog  @tonylturner http://bsidesorlando.org
© 2013 The Ethical Hacker Network