[nycphp-talk] Web app security scanners
Jon Baer
jonbaer at jonbaer.com
Sat Apr 15 15:12:51 EDT 2006
Foundstone has an app called WSDigger ... and a slew of other tools
you might want to check out ...
http://www.foundstone.com/resources/s3i_tools.htm
Best bet might be to drop by your local Barnes and Noble and check
out the resources listed on the backs of the "l33t" books ... or keep
tabs on a site like packetstormsecurity.org.
- Jon
On Apr 15, 2006, at 2:09 PM, Max Gribov wrote:
> Hello all,
> does anyone know of any open-source/free web app security scanner?
> Basically, I just want something (else besides me) to go through all the
> GET's and POST's on my PHP site and see if XSS/SQL injection/etc is
> possible.
> I certainly did an audit of my own code, but another pair of eyes,
> especially automated, would never hurt.
> Something down the lines of Nessus only for web apps basically.
> I've seen this: www.acunetix.com, and signed up for a trial audit, but
> am wondering if there is something I can actually download.
> I haven't seen anything on freshmeat or even Google, most things are
> either tutorials or non-free.
>
> thanks!
>
> max