Main Nav

Message from

Hello, Does anyone here have any recommendations for tools (preferably open-source) that will scan web-servers for vulnerable application frameworks + plug-ins? Stuff like looking for out-of-date Drupal, Joomla, etc. Obviously I can find some of these tools with Google on my own, just curious if anyone has any positive experience with any in particular. Thanks! -- -~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~ Michael Sheinberg Network Security Administrator, CETS School of Engineering and Applied Science -~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~


Message from

W3AF is an open source web application scanner. The links are at: Paul Lepkowski, CISSP, GIAC-GPEN RIT Information Security Office Enterprise Information Security Lead Engineer Staff Council Representative   Rochester Institute of Technology Ross 10-A200 151 Lomb Memorial Drive Rochester, NY 14623 (585) 475-6972   CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.
Message from

+1 for W3AF for general web applications and code. OpenVAS will detect specific application framework issues. Nessus will do the same. Here is a great article from last August that dives into each Web Application Scanner and its features. Open Source and Commercial Greg Williams IT Security Principal University of Colorado at Colorado Springs Website:
A relatively inexpensive product is Acunetix ( Their pricing is very reasonable and affordable for EDUs. We use it in combination with open source web app scanners.

Randy Marchany
VA Tech IT Security Office & Lab

Message from

Message from

Message from

We use couple different commercial web application scanners. Most frequently we use Cenzic's Hailstorm Application Risk Controller. This scanner combines pretty high accuracy with a very low rate of false positives. Vulnerability discovery is driven by the "Smart Attack" library, which encapsulates best practices to test attack resistance. Also, this tool generates good reports with web vulnerability summary, total vulnerability risk score, and details on all the specific findings, but I'm not enormously impressed with the fit and finish of the user interface. I hope this helps. _________________________________________________ Indir Avdagic, CISM, CISSP, ACSA, TICSA Director of Information Security Harvard University - SEAS Email: Phone: (617) 496-3502    "There is an infinite capacity to improve everything" _________________________________________________
If you have 501(c)(3) status, the Nessus ProfessionalFeed subscription is free. David Pirolo Warner Pacific College On Tue, 2012-02-07 at 17:38 -0500, Brian J Smith-Sweeney wrote: >

We used to use Acunetix but they steadfastly refused to negotiate indemnity issues here. 



View dates and locations

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.


EDUCAUSE Institute
Leadership/Management Programs
Explore More

Career Center

Leadership and Management Programs

EDUCAUSE Institute
Project Management



Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.


EDUCAUSE organizes its efforts around three IT Focus Areas



Join These Programs If Your Focus Is


Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.



2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations

Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.