topic Re: Web application vulnerability scanners in Tech Talk

Web application vulnerability scanners

A2jacomel — Mon, 08 Jan 2018 14:07:24 GMT

Hi! Could you recommend me a good free web application vulnerability scanning tool? I need to start scanning some internal web application and to create an madurate a proccess for the company. I have red some in Google, but want to know what do you think and know about it. Thanks in advance.

Re: Web application vulnerability scanners

Nothwindtrader — Mon, 08 Jan 2018 14:24:35 GMT

I recommend you have a look here:

https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools

Re: Web application vulnerability scanners

CraigO — Mon, 08 Jan 2018 15:18:59 GMT

TL;DR ...Zed Attack Proxy, Nikto, BurpSuite, Vega

Re: Web application vulnerability scanners

jltrinka — Mon, 08 Jan 2018 16:12:54 GMT

For free, I would go with OWASP Zed Attack Proxy (ZAP). For relatively cheap, I would go with Burp Suite Pro. Some other free tools that may help you are CMS-specific scanners like WPScan which are featured in Kali, but that is dependent on whether or not your target is sitting on something like Wordpress/Drupal/etc.

Re: Web application vulnerability scanners

rjaldins — Mon, 08 Jan 2018 18:31:36 GMT

Hey there , what do you mean about this : but that is dependent on whether or not your target is sitting on something like Wordpress/Drupal/etc.. ??

Re: Web application vulnerability scanners

jltrinka — Mon, 08 Jan 2018 19:05:09 GMT

Wordpress and Drupal are popular open-sourced content management systems that web developers use as frameworks to expedite time to build wesites. They also come with a number of their own vulnerabilities, like default configurations and old, vulnerable plugins. There are some free scanners in Kali Linux that quickly check for issues that are often seen with these types of sites, like WPScan.