OWASP: vulnerability scanning

Gian Franco
Ranch Hand

Joined: Dec 16, 2003
Posts: 977

Can you give an indication of which tools are good (and affordable)
for automated security testing/vulnerability scanning of web sites?



"Eppur si muove!"
Jc Li
Owasp member

Joined: Feb 08, 2011
Posts: 8
OWASP does NOT endorse any commercial service or product.

What we do have, though, is a guide called the Application Security Verification Standard, which provides organizations with the information they need to intelligently choose what type of security assessment is required for your application or site.

All types of security assessment (automated scan, static analysis scan, manual code review, penetration test, etc.) have advantages and disadvantages, and this document helps to differentiate between these types of assessments.

Hopefully, you can use the qualities identified in this document for a solid "security assessment" as a source of principles to guide you to choosing a particular tool or vendor.

OWASP Global Projects Committee Chair