Hello there, I'm not sure if this a right place to put my question to but anyway...
We're looking for a good automation tool that is good to test Web Security?
We need to cover different types of attacks and loopholes of our Web based application.
Any suggestions and experience are greatly appreciated.
Re: What\'d be a good Auto-tool to test Web Security?
You get what you pay for...sometimes you get more for what you pay for...but when you pay nothing, don't expect much [img]/images/graemlins/wink.gif[/img]
Burp Suite is a highly regarded tool, but it can be difficult to use and lacks documentation & support. You need to pay to get the advanced features, without paying it's little more than a proxy tool.
As a WebAppSecurity specialist, I use WebInspect. While it's had many problems in the past, version 8.1 is now super-stable. WebInspect scales up to enterprise level via HP AMP (Assessment Managament Platform), integration with QualityCentre, and integration with Fortify360.