Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Which Web App Vuln Scanner(s) Do You Use? - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Which Web App Vuln Scanner(s) Do You Use?
I recently found a free and open source web application vulnerability scanner called Vega that has been useful and thought I'd share: http://subgraph.com/products.html

Which scanners do you use?

Do you know of any others that are free and open source?

Which scanner do you think is the best overall and why?

Share your reviews and experiences...
Alex Stanford

154 Posts
My org has used openVAS for about 2 years. We have found it to fairly effective - manageable false alarm rate and "seems" to find a fair range of issues, and the vulnerability tests appear to be updated regularly. We haven't yet compared openVAS to other scanners, so we don't really have a handle on what gaps there are in openVAS and how we are using it. Would love to hear others' take on openVAS, what gaps they are aware of and how they address those. Anonymous

Does anyone have any experience looking at this objectively from our POV, specifically assessing potential risks?

______
Sami
Anonymous

Thank you Ocensb

4 Posts

Sign Up for Free or Log In to start participating in the conversation!