I'd like to know if there's any automated testing tool to check for vulnerabilities.

I've seen a couple of reports, and they all seem to be done by automated tools...

opensas

2 Answers

The best, highest quality, and most accurate testing will always be done by a skilled penetration tester. This can be very expensive though.

As far as automated tools go, tons of options exist.

Commercial Grade tools (run anywhere from $300-$25,000 for a copy):

- Veracode Dynamic Scanner
- Whitehat
- HP WebInspect
- Cenzic Hailstorm
- IBM AppScan
- NTOSpider
- Qualys
- Burp Professional

Free/Open Source:

- w3af
- OWASP ZAP
- Acunetix has a free trial for their commercial product http://www.acunetix.com/cross-site-scripting/scanner/
- Skipfish
- Wfuzz

All of these tools will require some basic knowledge of web application vulnerabilities, as well as some manual configuration in order to get legitimate results.

eliteparakeet

Looking for a similar question at SO, I've found this site that lists several tools:

http://labs.securitycompass.com/exploit-me/

http://www.dwheeler.com/flawfinder/#othertools

Community
opensas