When we talk about Web Application assessment tools, most of us will think about Acunetix, and Nikto where it can be consider as popular nowdays. Web Application Assessment approach is to scan the website either authentication or without authentication of the website. The best practice is to see if Secure Layer (HTTPs)is been implemented within the website.

Nikto

One of the Website Assessment tools that i mentioned here is a command-line tools where the tester need to remember the command or else. Nikto will normally show the result of the vulnerabilities for the website. The Command-line that need to remember when trying to scan the website is

nikto -h <website url address>

Acunetix

Acunetix is an tools that audit the Web Vulnerabilities which it will test SQLi, XSS, XXE and other more website attack. There is two types of Acunetix that available to be use for the Website Assessment which is Standard Edition(Free) and Enterprise Version(Subscribe).

Both of the Standard and Enterprise version is similar on the result of the finding but the only different is that Enterprise Version can generate report based on the vulnerabilities finding. As a result, it will make the progress a little bit quicker for the tester to came out with the final report.