2 posts tagged 'N-Stalker'

  1. 2010.07.08 Web Vulnerability Scanners Comparison
  2. 2009.12.16 Web Application Security Scanner List
2010. 7. 8. 11:02

Web Vulnerability Scanners Comparison

Acunetix Web Vulnerability Scanner placed first in a paper released by Adam Doupé, Marco Cova, and Giovanni Vigna from the University of California, Santa Barbara. In the paper "Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners", the authors compared the capabilities of eleven black-box web security scanners (both commercial and open source) against a realistic test web application called WackoPicko.

“In comparison, our work, to the best of our knowledge, performs the largest evaluation of web application scanners in terms of the number of tested tools (eleven, both commercial and open-source), and the class of vulnerabilities analyzed. In addition, we discuss the effectiveness of different configurations and levels of manual intervention, and examine in detail the reasons for a scanner’s success or failure.”

"we decided to create our own test application, called WackoPicko. It is important to note that WackoPicko is a realistic, fully functional web application. As opposed to a simple test application that contains just vulnerabilities, WackoPicko tests the scanners under realistic conditions. To test the scanners' support for client-side JavaScript code, we also used the open source Web Input Vector Extractor Teaser (WIVET). WIVET is a synthetic benchmark that measures how well a crawler is able to discover and follow links in a variety of formats, such as JavaScript, Flash, and form submissions."

Source: http://www.acunetix.com

2009. 12. 16. 11:37

Web Application Security Scanner List

The following list of products and tools provides web application security scanner functionality. Note that the tools on this list are not endorsed by the Web Application Security Consortium; any tool that provides web application security scanning functionality will be listed here. If you know of a tool that should be added to this list, please contact Brian Shura at bshura73@gmail.com.

Commercial Tools

Software-as-a-Service Providers

Free / Open Source Tools

Source: http://projects.webappsec.org
