On Wed, 2004-04-07 at 20:50, Micah Anderson wrote: > Hey all, > > I am looking for some scanners which look for known vulnerabilities in > different web software. Have a look at owasp http://www.owasp.org/index and their http://www.owasp.org/development/webscarab Haven't gotten round to trying it yet because last time I looked they were nowhere near usable but looking at their page it seems they have gotten a long way now. from the project web page: ----- WebScarab is a loose suite of web application security assessment tools written entirely in Java and therefore multi-platform. Eventually the tools will all work together. It is designed to be a tool for technical auditors who want to expose some of the workings of an application and automate some of the tests, whilst still having the flexibility to force the tests to execute the way the auditor wishes. There is no shiny red button on WebScarab, it is a tool primarily designed to be used by developers who can write code themselves. ---- [snip] > Thanks! > Hope it helps, let me know how it worked if you tried this scanner.
Attachment:
signature.asc
Description: This is a digitally signed message part