
Metasploit isn't a web application penetration tool. W3af, the other open source security tool Rapid7 sponsors, is. Meanwhile, Rapid7's commercial offering, Nexpose, also crawls Ajax applications and, if this flaw is as simple as people seem to think it is, would likely have found it... as would OWASP WebScarab or Burp (a tool that costs a fraction of what your tool does and belongs in the back pocket of every web developer).

I'm responding harshly because I do not agree with your logic (to wit: any thread involving security is a great place to plug your scanner) and because I found your comparison of Netsparker to Metasploit disingenuous: Metasploit simply isn't Rapid7's web app offering.



> I found your comparison of Netsparker to Metasploit disingenuous

I have no position on whether he should mention his product in a news thread about SQLI, but he was responding directly to bjg, who said:

> That product looks awfully similar to Metasploit (http://www.metasploit.com/), no?
>
> How is it different?

So, his "comparison" was just responding to someone saying "How is it different?", literally.



