5 posts tagged 'Acunetix'

  1. 2009.08.31 Website VA Vendor Comparison Chart
  2. 2009.02.09 Web Application Vulnerability Scanners
2009. 8. 31. 09:42

Website VA Vendor Comparison Chart

Update 08.24.2009: Billy Hoffman (HP) and I have been having some email dialog about the production-safe heading. Clearly this is a contentious issue. Scanning coverage and depth are directly tied to the risk of production-safety, and every vendor has a slightly different approach to how they address the concerns. Basically I asked that if vendors made a production-safe claim, they have some reasonable verbiage/explanation for how they do so -- no assumption of production safety will be made. Billy publicly posted how HP does so (complete with the highlights of our dialog) and got a check mark. Simple. Still, for the immediate future I'm going to eliminate the heading from the chart until I can draft up a decent set of criteria that will make things more clear. This of course will be open to public scrutiny. In the meantime, if any vendors want to post links about how they achieve "production-safe" they should feel free to do so.

As you can imagine I spend a good portion of my time keeping a close watch on the movements of the website vulnerability assessment market. Part of that requires identifying the different players, who is really offering what (versus what they say they do), how they do it, how well, and for how much. Most of the time it is easier said than done, parsing vague marketing literature, and it is never "done." Every once in a while I post a chart listing the notable SaaS/Cloud/OnDemand/Product vendors and how some of their key features compare, not so much in degree, but at least in kind. If anything is missing or incorrect, which there probably is, please comment and I'll be happy to update.

Source: http://jeremiahgrossman.blogspot.com/

2009. 2. 9. 20:48

Web Application Vulnerability Scanners

1. 1st-generation scanners

    - nikto (Perl based), used on *nix systems

    - N-Stealth (http://nstalker.com/): scans websites using a database of 22,000 web vulnerabilities

2. 2nd-generation scanners (commercial): SQL injection

    - Absinthe (http://www.0x90.org): SQL injection on *nix systems

    - Data Thief (http://www.appsecine.com)

    - wpoison (http://sourceforge.net/project/wposion): Unix based

      ; a tool written by an open source group, capable of SQL injection

3. 2.5th-generation scanners (commercial): can run every security test against a web application

    - AppScan (http://www.watchfire.com)

    - WebInspect (SPI Dynamics) (http://www.spidynamics.com)

    - ScanDo (http://www.kavado.com)

      ; a tool that can test from the development stage onward

    - Acunetix (http://www.acunetix.com): the most recently released, ASP only

※ Running a 2.5th-generation scanner turns up almost every vulnerability.
