Web vulnerability scanner

    • #8431
      zenlakin
      Participant

      I have looked around a bit online and have seen several options in such products, like ZAP, Burp, AppScan, Acunetix, etc. I wanted to see what some of you might recommend for a good enterprise-class web vulnerability scanner. I would be looking for something that could scale to ongoing scanning of around 150-250 medium to large websites. These websites would range from having HTML, Flash, JavaScript, and AJAX to, recently, HTML5 incorporated in them. I use ZAP and Burp more for pentests, as I am not sure they would scale or are even meant for scanning a large number of sites in an ongoing fashion.

    • #52923
      cd1zz
      Participant

      Appscan is like 30K and up, is that an option?

    • #52924
      zenlakin
      Participant

      We already have AppScan, but I have been finding that it seems to be limited, and I have been having issues with recording login sessions as the browsers aren’t supported even though my version of AppScan is fully up to date… Also, with large websites I find that it hangs a lot and I tend to receive a fair amount of out-of-memory errors, and the application crashes and I have to start the scan all over.

    • #52925
      cd1zz
      Participant

      This is kind of a tough situation because most of these products are crappy. Burp is the best, but only for one site at a time. It doesn’t do well even with large, single sites.

      The problem you’re going to face is that the “right” product you find that can handle such a huge workload is probably going to give you the same marginal results, at best.

      The only product that really comes to mind that you might want to consider is Nexpose. It does web app scanning, although I’m not sure how well, and it can get pricey but it’s worth a look. You can schedule and it seems to perform well on larger engagements. I was also going to say appscan but you already don’t like that product.

    • #52926
      caissyd
      Participant

      Have you looked at this site?
      http://sectooladdict.blogspot.ca/2012/07/2012-web-application-scanner-benchmark.html

      Very good information can be found there about web application vulnerability scanners!!

    • #52927
      BillV
      Participant

      Give arachni a shot. In my experience, and based on my quick glance at the results of their testing it seems they agree, this free tool can compete with the commercial tools.

    • #52928
      BillV
      Participant

      I missed the part about enterprise and scaling.. it’s probably not the best option for that.

    • #52929
      JasonInnor
      Participant

      I’ve looked everywhere and can’t find how to delete the .MDX files that are generated on my web server. I can find code for the desktop and even the delete-on-exit code. The problem is this is a web project and doesn’t ever exit. The other day I had over 7k of the .MDX files. How can I make them go away?


Copyright ©2020 Caendra, Inc.
