You can use the following Web-related tools to perform Web application assessments.
Table F-1. Web-Related Tools

Name | URL | Description |
--- | --- | --- |
Foundstone SuperScan | http://www.foundstone.com | Popular TCP port scanner, pinger, and resolver for the Microsoft Windows platform. |
Foundstone FScan | http://www.foundstone.com | Popular command-line port scanner for the Microsoft Windows platform. |
Whisker | http://www.wiretrip.net/rfp/ | Popular HTTP / Web vulnerability scanner written in Perl. |
Stealth Scanner | http://www.nstalker.com/stealth/ | Popular HTTP / Web vulnerability scanner written for the Microsoft Windows platform; boasts 18,000 total vulnerability checks. |
Nessus Scanner | http://www.nessus.org | Popular and free vulnerability scanning application for the UNIX (scanning engine) and Microsoft Windows (user interface only) platforms; implements a distributed scanning architecture and checks for nearly 900 vulnerabilities. |
Cerberus Scanner | http://www.cerberus-infosec.co.uk | Free vulnerability scanning application for the Windows platform; checks for many common vulnerabilities for popular Web platforms, as well as Microsoft Windows, UNIX, and database vulnerabilities. |
Typhon I Scanner | http://www.nextgenss.com | Free vulnerability scanning application, similar to the Cerberus scanner, for the Microsoft Windows platform; checks for many common vulnerabilities for popular Web platforms, as well as Windows, UNIX, and database vulnerabilities. |
Nmap | http://www.insecure.org/nmap/ | Possibly the most popular network mapping tool available; includes support for TCP and UDP service identification, using multiple scanning techniques; provides additional functionality, including remote operating system identification and RPC service identification. |