The Sanctuary

Technology => Network (in)Security => Topic started by: SBTlauien on September 30, 2014, 05:43:25 am

Title: What platforms do you use security testing of web applications?
Post by: SBTlauien on September 30, 2014, 05:43:25 am

I've been using Burpe Suite for a while now, but it's not the full version.  It was mentioned in a book I was reading.  I downloaded another one called Acunetix but haven't used it yet.  I'm still learning about this stuff.

What do you use and what makes it better than others?

Title: Re: What platforms do you use security testing of web applications?
Post by: aldra on September 30, 2014, 05:45:44 am

web apps? most of the stuff I've written is small-scale and only for internal use, so I haven't needed to worry about it enough to rely on an automated tool.

that said, you could always use selenium or another browser emulator and write your own test packages in python/java/whatever

Title: Re: What platforms do you use security testing of web applications?
Post by: Spuff on October 18, 2014, 04:29:28 pm

Burp rocks. Acunetix is a web vulnerability scanner so it doesn't have the same functionality as Burp, but you can use the two together for better results. If you're looking for intercepting proxies like Burp, there's OWASP ZAP. For vuln scanning, check out w3af. Nikto is also great.