
What are the commonly used Web security scanning tools

2025-02-27 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31 Report

This article covers the commonly used Web security scanning tools. Many readers will not know much about them, so it is shared here for reference.

1. AWVS

A classic Web scanner and an essential tool for beginners. Recommended index: ★

Official website: https://www.acunetix.com

Previous versions of AWVS 10.5 provide both a client and a Web interface. The installation file is under 50 MB, the interface is simple, scanning is fast, resource usage is low, and scan policies are easy to configure. With the auxiliary tools bundled in the client, it is a powerful tool for working single-handed.

Personally, I am a staunch supporter of AWVS 10.5; the later Web-based revision of AWVS really takes a little getting used to.

2. IBM AppScan

A Web security scanning tool comparable to AWVS. Recommended index: ★★★★

Official website: https://www.hcltechsw.com/products/appscan

Overall, the scan results are good and the accuracy is relatively high, but scanning is rather slow. In practice, AWVS and AppScan can both be run against the same web site and their results checked against each other to improve detection accuracy.

3. Goby

An attack surface analysis tool. Recommended index: ★

Official website: https://gobies.org

Installation is very simple: on Windows, unzip the archive and double-click the EXE to run it. It is cross-platform, supporting Windows, Linux and Mac. It is also quite comprehensive in function, providing the most comprehensive asset identification, the fastest scanning experience, and a built-in customizable vulnerability scanning framework.

4. Xray

A powerful security assessment tool. Recommended index: ★★★★

Official website: https://xray.cool

Xray is at its best in passive scanning mode. Its signature technique is chaining with Burp: traffic is forwarded from Burp to Xray, all data packets are transparent, and the combination can fairly be called a sharp tool.

5. Open source vulnerability detection framework

Open source projects such as POC-T, pocsuite, pocscan and Osprey provide customizable vulnerability detection frameworks. The quantity and quality of PoCs determine detection effectiveness, so building up a vulnerability library is particularly important.

GitHub project addresses:

POC-T: https://github.com/Xyntax/POC-T

pocsuite3: https://github.com/knownsec/pocsuite3

pocscan: https://github.com/erevus-cn/pocscan

Osprey: https://github.com/TophantTechnology/osprey

There are countless open source scanners, and many people reinventing the wheel, but not many tools truly become indispensable.

6. IAST gray box scanning tool

If we are working in the security testing phase of the SDL, IAST is a newer approach than black-box testing. It generally monitors the application through agent instrumentation, so there is no need to replay requests and no dirty data is produced, with almost zero false positives. That makes it undoubtedly the best choice for automated security testing.
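The agent-instrumentation idea described above, as an added example (not from the original article or from any IAST product): a toy agent hooks the point where request data enters the application and the SQL sink, then flags a handler during ordinary functional-test traffic. The names `Agent`, `MonitoredConnection`, `lookup_concat` and `lookup_param` are hypothetical, the sample data is constructed, and matching input values inside the SQL text is a simplification of the taint propagation a real agent performs.

```python
import sqlite3

class Agent:
    """Toy IAST agent: remembers request inputs and inspects SQL at the sink."""
    def __init__(self):
        self.inputs = {}      # parameter name -> value seen in the request
        self.findings = []    # (parameter, sql) pairs where input reached SQL text

    def source(self, name, value):
        # Hook at the point where request data enters the application.
        if len(value) >= 3:   # skip very short values to limit coincidental matches
            self.inputs[name] = value
        return value

    def check_sink(self, sql):
        # Hook at the sink: request data inside the SQL text means concatenation.
        for name, value in self.inputs.items():
            if value in sql:
                self.findings.append((name, sql))

class MonitoredConnection(sqlite3.Connection):
    """Instrumented sink: every execute() is reported to the agent first."""
    agent = None
    def execute(self, sql, params=()):
        if self.agent is not None:
            self.agent.check_sink(sql)
        return super().execute(sql, params)

def lookup_concat(conn, agent, user):   # builds SQL by string concatenation
    user = agent.source("user", user)
    return conn.execute("SELECT email FROM users WHERE name = '" + user + "'").fetchall()

def lookup_param(conn, agent, user):    # binds the value as a parameter
    user = agent.source("user", user)
    return conn.execute("SELECT email FROM users WHERE name = ?", (user,)).fetchall()

def run_demo():
    agent = Agent()
    conn = sqlite3.connect(":memory:", factory=MonitoredConnection)
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")   # constructed data
    conn.execute("INSERT INTO users VALUES ('alice', 'alice@example.test')")
    conn.agent = agent                   # start monitoring after the setup
    # Ordinary functional-test traffic: a benign value, no payload, no replay.
    rows = lookup_concat(conn, agent, "alice") + lookup_param(conn, agent, "alice")
    count = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return agent.findings, rows, count

if __name__ == "__main__":
    print(run_demo())
```

Only the concatenating handler is reported, both handlers return the same row, and the table still holds one record, which is the "no replay, no dirty data" property in miniature.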

7. Commercial Web application scanner

Some security vendors offer vulnerability scanning products, though they differ by market segment: Web application security scanning, comprehensive vulnerability scanning, and Web security monitoring products all provide some degree of Web application vulnerability scanning capability.

Summary of some security vendors and their scanning products:

Green League WEB Application vulnerability scanning system (WVSS)

Green League remote Security Assessment system (RSAS)

Qiming Sky Mirror vulnerability scanning and Management system

An Heng Web Application vulnerability Scanner (MatriXay)

Clear warning remote Security Assessment system

Qi Anxin Network God SecVSS3600 vulnerability scanning system

Shengbang Security Web vulnerability scanning system (RayWVS) and remote Security Evaluation system (RayVAS)

Fight image technology ARS intelligent vulnerability and risk detection

Changting science and technology insight (X-Ray) security assessment system

Four-leaf clover security full-time risk awareness platform
