OWASP: vulnerability scanning

 
Gian Franco
blacksmith
Ranch Hand
Posts: 979
Hello,

Can you give an indication of which tools are good (and affordable)
for automated security testing/vulnerability scanning of web sites?

Cheers,

Gian
 
Jc Li
Owasp member
Greenhorn
Posts: 8
OWASP does NOT endorse any commercial service or product.

What we do have, though, is a guide called the Application Security Verification Standard (http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project) which provides organizations with the information they need to intelligently choose what type of security assessment is required for your application or site.

All types of security assessment (automated scan, static analysis scan, manual code review, penetration test, etc.) have advantages and disadvantages, and this document helps to differentiate between these types of assessments.

Hopefully, you can use the qualities identified in this document for a solid "security assessment" as a source of principles to guide you to choosing a particular tool or vendor.

-Jason
OWASP Global Projects Committee Chair
 