GeeCON Prague 2014*
OWASP: vulnerability scanning

Gian Franco
blacksmith
Ranch Hand

Joined: Dec 16, 2003
Posts: 977
Hello,

Can you give an indication of which tools are good (and affordable)
for automated security testing/vulnerability scanning of web sites?

Cheers,

Gian


"Eppur si muove!"
Jc Li
Owasp member
Greenhorn

Joined: Feb 08, 2011
Posts: 8
OWASP does NOT endorse any commercial service or product.

What we do have though is a guide called the Application Security Verification Standard (http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project) which provides organizations with the information they need to intelligently choose what type of security assessment is required for your application or site.

All types of security assessment (automated scan, static analysis scan, manual code review, penetration test, etc.) have advantages and disadvantages and this document helps to differentiate between these types of assessments.

Hopefully, you can use the qualities identified in this document for a solid "security assessment" as a source of principles to guide you to choosing a particular tool or vendor.

-Jason
OWASP Global Projects Committee Chair
 