1. Registered User, Devshed Newbie (0 - 499 posts), Join Date: Feb 2012

    OWASP Top 10 penetration testing software?

    Hi, for one of my websites, I have been required to use a web application scanner that tests against the OWASP Top Ten threats. I'm looking for a scanner that does this that is inexpensive or free.

    Possible scanners I've found for this include the OWASP Zed Attack Proxy Project, Sonar, and w3af, but none of these explicitly tests against the OWASP Top Ten threats (at least not that I can tell).

    Does anyone know of a scanner that does test against the OWASP Top Ten threats? Thank you!
  2. Contributing User, Devshed Novice (500 - 999 posts), Join Date: May 2007

    I doubt any such software exists (and would be highly suspicious of any software that claims to). The OWASP top 10 is comprised of things that require knowledge of a specific application in order to test. Some aren't even detectable from the outside world (e.g. you can only evaluate A7 -- insecure cryptographic storage by auditing your back-end database).
    sub{*{$::{$_}}{CODE}==$_[0]&& print for(%:: )}->(\&Meh);
