Testing

[eluser]Jim Higgins[/eluser]
Okay, I found the article. It was the December 2007 issue #170. I scanned the article so if either of you would like me to email it to you, just send me your email address or catch me on IM (addresses listed in my profile).

In summary, here's what they recommend for security tests and vulnerability scanners...

HackerGuardian (hackerguardian.com)- Simple vulnerability testing at a low price (some options are free). Scans run from the HackerGuardian servers too so there's no software for you to install or configure.

QualysGuard (qaulys.com/forms/trials/freescan)- This scanning service is for checking network vulnerabilities more than deep analysis of web applications, but there are some overlaps, and you get a free trial so it's definitely worth a look.

Acunetix (acunetix.com) - Vulnerability scanner that can also analyse JavaScript, Flash, Soap, Ajax and run through in-depth xss and sql injection tests. However, a license costs 750 pounds (UK Magazine)... which .Net writer says is worth it if you're a consultant or a large company. They do have a free version that runs xss scans only.

Gamasec (gamasec.com) - Marginally less detailed testing than the one above for a much lower price (from 100 pounds per scan on a pay-as-you-go basis).

Altersite (altersite.com) - Online scanning service with free trials.

Nessus (nessus.org) - Works best on Unix.

Lastly, they included a very quick 4 step tutorial using Aura and Wikto (www.senspost.com/research_tools.html) for free. You can see this in the article I scanned (which I can email to you) or you can backorder a copy of the issue from http://www.netmag.co.uk/