[Intrusions] need a suggestion of tool for pentest web application.

Rick.Wanner at sasktel.sk.ca Rick.Wanner at sasktel.sk.ca
Tue Jul 5 16:01:12 GMT 2005

I gather you are looking for a web vulnerability scanner.  You can do a 
reasonable job with the freeware nikto 
(http://www.cirt.net/code/nikto.shtml).  If you need to have a commercial 
product or want the better reporting you get from the commercial products, 
I am partial to AppScan 
(http://www.watchfire.com/products/security/default.aspx) or WebInspect 

WebInspect is the incumbent in the market.  AppScan is an up and comer 
that is making good progress into the market.  In my opinion AppScan has 
better reporting than WebInspect including very good compliance reporting.


Rick Wanner, B.Sc.,  I.S.P. 
Technical Analyst, Systems Security
Tel: 306-777-4832  Cell: 306-533-1812
Email: Rick.Wanner at sasktel.sk.ca
Text Messaging: 3065331812 at pcs.sasktelmobility.com

"Pepin, Dany" <dany.pepin at telussa.com> 
Sent by: intrusions-bounces at lists.sans.org
06/28/2005 09:46 AM
Please respond to
"Intrusions List \(GCIA Practicals\)" <intrusions at lists.sans.org>

<intrusions at lists.sans.org>

[Intrusions] need a suggestion of tool for pentest web application.

Hello list, 


Anyone can suggest me a tools to do a pentest on web application like
intranet etc and tell me why this tool is nice.

If possible with a license "per engagement".


Thx in advance.

Sorry for my bad English.



Intrusions mailing list
Intrusions at lists.sans.org

NOTICE:  This confidential e-mail message is only for the intended 
recipient(s). If you are not the intended recipient, be advised that 
disclosing, copying, distributing, or any other use of this message, is 
strictly prohibited. In such case, please destroy this message and notify 
the sender.

More information about the Intrusions mailing list