As you can imagine I spend a good portion of my time keeping a close watch on the movements of the website vulnerability assessment market. Part of that requires identifying the different players, who is really offering what (versus what they say they do), how they do it, how well, and for how much. Most of the time it is easier said than done, parsing vague marketing literature, and it is never "done." Every once in a while I post a chart listing the notable SaaS/Cloud/OnDemand/Product vendors and how some of their key features compare, not so much in degree, but at least in kind. If anything is missing or incorrect, which there probably is, please comment and I’ll be happy to update.
Source: http://jeremiahgrossman.blogspot.com/
- nikto (Perl-based): used on *nix systems
- n_stealth (http://nstalker.com/): scans websites using a database of 22,000 web vulnerabilities
2. 2nd-generation scanners (commercial) - SQL injection
- Absinthe (http://www.0x90.org): *nix systems, capable of SQL injection
- Data thief(http://www.appsecine.com
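- wposion (http://sourceforge.net/project/wposion): Unix-based
; a tool made by an open source group, capable of SQL injection....
3. 2.5-generation scanners (commercial): capable of all web application security tests
; tools that can test from the development stage onward
- Acunetix (http://www.acunetix.com): the most recently released, ASP only
※ Running a 2.5-generation scanner turns up almost every vulnerability.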