Web-based Application Penetration Testing15

Select Up to 5 Products to Compare

  • Product Info
  • Resources
  • Awards
  • Certifications & Compliance
Product Vendor   Description License
SC Magazine (US) Gartner White Papers the 451 group Help Net Security Awards SCAP CVE PCIDSS PCI ASV FDCC
Cenzic Enterprise Cenzic, Inc.   Application Security for Cloud and Web Cenzic Enterprise, powered by Hailstorm, is a software solution that assesses the security of Cloud and Web applications and supports security risk management throughout the software development lifecycle. Because Cenzic Enterprise can be used in all parts of the software development lifecycle, and most importantly in production, applications are protected against new threats even after being deployed. After application vulnerabilities are identified, Cenzic Enterprise provides risk mitigation recommendations to protect data and meet compliance requirements. * Continuous testing of all applications, including ones in production * Centralized management of application security risk for the entire enterprise with role-based visibility * Regulatory compliance assurance, including PCI 6.6 * Unified architecture enables effortlessly transfer data between Cenzic products * Integration with multiple sources from manual penetration testing results, other commercial black box tools, source code analysis, QA data and Web application firewalls Integration with Complementary Technologies Cenzic Enterprise’s integration with related technologies helps users more quickly block and correct Cloud and Web application vulnerabilities. Integration with WAF (web application firewall), SIEM (security information and event management), SDLC (software development lifecycle), GRC (governance, risk management, and compliance), QA tools and other technologies ensures that vulnerabilities can be identified and immediately addressed. Application Security for Cloud and Web Cenzic Enterprise, powered by Hailstorm, is a software solution that assesses the security of Cloud and Web... Commercial Read Review   Read Review     2011 Finalist for Hot Companies Award
Network Products Guide
2011 Finalist for Security Hardware (New or Upgrade version) Best Product Award
Network Products Guide
2010 ᅠBest in Security Testing
Network Products Guide
         
COREvidence NETpeas   IT Security demands are varied: Vulnerability Management, Regulation Assessment, IT Monitoring, Application Assessment, Malware Detection & Reduction etc.. Each Solution Vendor focuses on its domain. As a result, the customer wishing to cover all aspects of security must acquire several solutions. What makes the overall vision of security a hard task to achieve because of : Licenses pricing, Data Aggregation issues, Reporting Compatibility due to multiple deliverables, Different Support team Management, different payment plans, time and effort to benchmark vendors and so on. By the concept of the Marketplace security, we have found the solution that so many customers have asked us during our various interventions. COREvidence™ is the single one-stop shop in SaaS mode offering access to a various IT Security Integrated Solutions. IT Security demands are varied: Vulnerability Management, Regulation Assessment, IT Monitoring, Application Assessment, Malware Detection & Reduction... Commercial                    
Core WebVerify™ Core Security Technologies   Verify Web Application Security Beyond the Web Application Attackers won’t stop once your web application is breached, so why should your security test? Core WebVerify™ automated security testing software provides real-world intelligence on both your organization’s web application exposures and their implications for your broader operations – using the same techniques employed by actual attackers. With WebVerify, you not only identify exploitable application weaknesses, but also verify the security of application databases, the web server, backend network systems, and even end users against subsequent attacks. The result is a more holistic assessment of your web application security as it relates to the rest of your business. Verify Web Application Security Beyond the Web Application Attackers won’t stop once your web application is breached, so why should your security... Commercial     Read Review     Industry Innovators
SC Magazine
         
iViz On Demand Penetration Testing iViz   iViZ's on demand application testing platform performs various types of application penetration security audits including web application security Testing, SAP audit, or other customized system audit. iViZ Security uses both black box and white box testing methodology. Enterprise application security being critical to organizations, iViZ Security allows organizations to significantly improve overall security software and reduce risk to the organization in a way that compliments the web application security infrastructure and process they currently have in place. iViZ's on demand application testing platform performs various types of application penetration security audits including web application security... Commercial                    
Metasploit Community Edition Rapid7, LLC   Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners such as Nexpose - for free. Easily manage and conduct penetration tests Cyber criminals are successful in penetrating networks of enterprises and government agencies every day, creating huge security and compliance issues. Metasploit Community Edition simplifies network discovery and penetration testing spot-checks with specific exploits, increasing the effectiveness of vulnerability scanners such as Nexpose - for free. Importing third-party vulnerability scanner reports, it helps prioritize remediation and eliminates false positives, increasing productivity and providing true security risk intelligence. Defenders can demonstrate the impact of vulnerabilities to IT operations to obtain buy-in for remediation. Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of... Freeware                    
SAINTexploit™ SAINT Corporation   The SAINTexploit™ Penetration Testing Tool is the ultimate resource to demonstrate the security—or vulnerability—of your network. SAINTexploit goes beyond simply detecting vulnerabilities to safely exploiting them. The first integrated vulnerability and penetration testing tool, SAINTexploit is part of the complete solution SAINT offers to evaluate the vulnerabilities on your network. This fully automated product examines potentially vulnerable services discovered by SAINT, exposes points where an attacker could breach the network, and exploits the vulnerability to prove its existence without a doubt. The file browsing and command execution capabilities resulting from a successful exploit provide undeniable evidence of a network vulnerability. The SAINTexploit™ Penetration Testing Tool is the ultimate resource to demonstrate the security—or vulnerability—of your network. SAINTexploit goes... Commercial Read Review Read Review       Industry Innovator
SC Magazine
SANS WhatWorks - 4.3 Penetration Testing and Ethical Hacking
SANS
Best of 2007 Products
SC Magazine
         
SAINTmanager® SAINT Corporation   Remote management console for medium to large enterprises. The SAINTmanager remote management console enables enterprise-wide vulnerability scanning, which increases efficiency and reduces the length of time required for the enterprise-wide scanning process. The browser-based console provides the ability to centrally manage an entire network of SAINT® vulnerability scanners located around the globe from a single interface. The centralized management and reporting capability lets a single vulnerability assessment team analyze all of the assessment results together and see the overall security posture of the entire enterprise. This allows security and IT groups to work together efficiently to make appropriate decisions about which security issues are most critical, and to focus on the remediation of vulnerabilities with the greatest potential impact. Remote management console for medium to large enterprises. The SAINTmanager remote management console enables enterprise-wide vulnerability scanning,... Commercial Read Review Read Review       Industry Innovator
SC Magazine
"Recommended Product" Award
SC Magazine
         
SAINTwriter® Reports SAINT Corporation   SAINTwriter software allows users to quickly design and generate vulnerability assessment reports, and to present the findings of even the largest network scans in an easy-to-read format. This allows managers to see the big picture instantly and helps administrators obtain detailed information for their security plans. SAINTwriter generates custom reports of a SAINT scan's findings using charts, tables and graphs. More than 150 configuration options allow administrators to pinpoint the information they need and present it in the format they want, whether they are briefing company executives or working with technical staff. In addition, SAINTwriter offers numerous pre-configured reports to make the process quick and easy, saving hours of employee time. What's more, SAINTwriter reports are exportable. Customers can transfer scan findings and tables to spreadsheets and other applications, making it simple to distribute results throughout your organization. SAINTwriter software allows users to quickly design and generate vulnerability assessment reports, and to present the findings of even the largest... Commercial Read Review Read Review       Industry Innovator
SC Magazine
"Recommended Product" Award
SC Magazine
         
The Cloud Penetrator SecPoint   Do You Know If Your Web Servers Are Secure? Prevent Hackers from entering your web servers servers. You get the following benefits: Automatic Scan for Vulnerabilities. A solution to fix the found vulnerabilities. Discover SQL Injection, XSS Cross Site Scripting. Discover Code Execution Vulnerabilities. WAS Web application Scanning. SaaS Software as a service. Blackhat SEO Scannining Google Hack Database Do You Know If Your Web Servers Are Secure? Prevent Hackers from entering your web servers servers. You get the following benefits: Automatic... Commercial                    
Vulnerability Manager [Large Enterprise] McAfee, Inc   Evaluate 100 percent of your network all of the time McAfee Vulnerability Manager provides fast, precise, complete insights into vulnerabilities on all of your networked assets. Easy-to-implement Vulnerability Manager readily scales to suit networks from hundreds to millions of nodes. Nonstop global research helps you stay ahead of evolving threats and new vulnerabilities. Our single, actionable, correlated view of your weaknesses and our patented FoundScore risk formula helps you direct remediation efforts where they are needed most. Evaluate 100 percent of your network all of the time McAfee Vulnerability Manager provides fast, precise, complete insights into vulnerabilities on all... Commercial Read Review Read Review Read Review     SANS WhatWorks - 4.2 Vulnerability Management
SANS
         
w3af Rapid7, LLC   w3af (short for Web Application Attack and Audit Framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security vulnerabilities and aids in penetration testing efforts. This cross-platform tool is available in all of the popular operating systems such as Microsoft Windows, Linux, Mac OS X, FreeBSD and OpenBSD and is written in the Python programming language. Users have the choice between a Graphic User Interface and a command-line interface. w3af identifies most web application vulnerabilities using more than 130 plug-ins. After identification, vulnerabilities like (blind) SQL injections, OS commanding, remote file inclusions (PHP), cross-site scripting (XSS), and unsafe file uploads, can be exploited in order to gain different types of access to the remote system. w3af (short for Web Application Attack and Audit Framework) is an open-source web application security scanner. The project provides a vulnerability... Freeware                    
Websafe Website Security Audit WebSafe   Websafe.ie is a online website security scanning and auditing tool. Our business is aimed at companies/businesses that need to protect their websites content, reputation, sensitive data and online integrity from all types of online threats that exists on the internet. The process takes less than one day to complete and involves no work on your side, this can save thousands of revenue in damages by detecting severely dangerous online security threats and weaknesses and vulnerabilities that your website may possess. Websafe.ie is a online website security scanning and auditing tool. Our business is aimed at companies/businesses that need to protect their websites...                    
Web Vulnerability Scanner Acunetix   Acunetix Web Vulnerability Scanner is available in three versions: A Small Business Version for one nominated web site, an Enterprise version to allow for scanning of an unlimited number of websites, and a Consultant version, which allows you to use Acunetix WVS to perform penetration tests for third parties. Acunetix Web Vulnerability Scanner is available in three versions: A Small Business Version for one nominated web site, an Enterprise version to allow... Commercial         Read Review SANS WhatWorks - 1.2 Application Security Scanners (Black Box Scanners)
SANS
Top 100 Network Security Tools
SecTools.org