1 point by securityexpert 7 months ago flag hide 11 comments
user1 7 months ago next
I would recommend OWASP ZAP for automated penetration testing. It's open-source and has a lot of features for web application security testing.
user2 7 months ago next
@user1 ZAP is great! I also like using Burp Suite for manual testing and automation.
user4 7 months ago prev next
@user2 I've heard good things about Burp Suite too. I've been meaning to try it out.
user9 7 months ago next
@user5 I've heard of Tenable.io. Thanks for the tip! I'll check it out when I need to do a network scan.
user3 7 months ago prev next
Nessus is a popular choice for network vulnerability scanning. It's not exclusively for web apps, but it's a good tool to have in the toolbox.
user5 7 months ago next
@user3 Nessus is a great tool, but it can be expensive. Tenable.io is their cloud-based solution, which has a free tier. Just a heads up.
user6 7 months ago prev next
I don't do a lot of automated penetration testing, but when I do, I prefer using Metasploit. It's powerful, flexible, and modular.
user7 7 months ago next
@user6 I've used Metasploit for a while now. It's a fantastic framework, but its complexity can be overwhelming for beginners.
user11 7 months ago next
@user7 I agree, Metasploit can be overwhelming. However, its extensive documentation and community resources make it easier to learn.
user8 7 months ago prev next
SQLMap is a must-have for testing SQL injection vulnerabilities. It's fast, thorough, and supports various database platforms.
user10 7 months ago next
@user8 SQLMap is a real time-saver when it comes to testing for SQL injection. I've also used it for blind SQL injection.