I'm the lead sysadmin for a shop that builds web applications for clients. I'm looking for something automated that will catch basic vulnerabilities, preferably something that I can have the devs or QA run themselves before the app is deployed.
I've checked out Nessus and Acunetix. Acunetix looks like the better of the two for our needs, despite having a higher up-front cost. I like that Nessus can be installed on a server somewhere with multiple logins and is Linux-based. Acunetix clearly wins at ferreting out actual vulnerabilities in web applications, though. Any other recommendations?
Thanks!