
OWASP: vulnerability scanning

Gian Franco
Ranch Hand

Joined: Dec 16, 2003
Posts: 977

Can you give an indication of which tools are good (and affordable)
for automated security testing/vulnerability scanning of web sites?



"Eppur si muove!"

Jc Li
Owasp member

Joined: Feb 08, 2011
Posts: 8

OWASP does NOT endorse any commercial service or product.

What we do have, though, is a guide called the Application Security Verification Standard, which provides organizations with the information they need to intelligently choose what type of security assessment is required for your application or site.

All types of security assessment (automated scan, static analysis scan, manual code review, penetration test, etc.) have advantages and disadvantages, and this document helps to differentiate between these types of assessments.

Hopefully, you can use the qualities identified in this document for a solid "security assessment" as a source of principles to guide you to choosing a particular tool or vendor.

OWASP Global Projects Committee Chair