.

Commercial Web Application Test Suites

<<

Cutaway

User avatar

Jr. Member
Jr. Member

Posts: 96

Joined: Mon Nov 20, 2006 5:02 pm

Post Tue Dec 19, 2006 11:44 am

Commercial Web Application Test Suites

I know that most people here probably use the various open source web application testing tools such as

Paros Proxy - http://www.parosproxy.org/index.shtml
WebScarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Spike Proxy - http://www.immunitysec.com/resources-freesoftware.shtml
BurpSuite - http://portswigger.net/
Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project

But has anybody used any of the following commercial products to do automated testing and reporting within their environment?  If so, did you like it and was it worth it?

N-Stalker - http://www.nstalker.com/?src=winsecurity
Acunetix - http://www.acunetix.com/vulnerability-scanner/
NTOSpider - http://www.ntobjectives.com/products/ntospider.php
WebInspect - http://www.spidynamics.com/products/webinspect/index.html

Personally, from a testing standpoint I really like the ParosProxy but the last time I checked it does not have very good fuzzing capabilities.  Using some of the other free tools (like BurpSuite) fixes that but as I also have other issues to monitor and test being able to automate some of these tasks and increase my reporting output might actually be worth spending some money.

Thanks for your input.
Go forth and do good things,
Cutaway
<<

chugh_a

Newbie
Newbie

Posts: 15

Joined: Thu Sep 21, 2006 12:47 am

Post Tue Dec 19, 2006 10:34 pm

Re: Commercial Web Application Test Suites

AppScan (http://www.watchfire.com/default.aspx) is a nice tool which can be used to automate many testign activities.
CEH
<<

Cutaway

User avatar

Jr. Member
Jr. Member

Posts: 96

Joined: Mon Nov 20, 2006 5:02 pm

Post Wed Dec 20, 2006 2:44 pm

Re: Commercial Web Application Test Suites

Yes, so far it appears that Watchfire (AppScan) and SPI Dynamics (WebInspect) are the big players in this field with their inclusion of development modules and review (whitebox testing).  But I am hoping to determine if anybody has any insight to whether or not the other products stand up to them in the field of automated assessment and pentesting (blackbox) and reporting output.

Thanks for the input.
Go forth and do good things,
Cutaway

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software