Hello, I need to find tools to run penetration testing on our external web interfaces (a web application and an HTTP-based data interface).
The idea is to be able to run automatic tests on new releases before deployment. Stress is "automatic". Has anyone here got good experience with such tools? I'm digging through the net and found lots of lists (e.g. http://www.samurainet.org/blog/2008/05/12/web-application-penetration-testing-my-tools-of-the-trade/) but if someone can give some input from their personal experience on what's worth pursuing and what's a waste of time it'll, well..., might save our time. (and yes Aviram, I mentioned BeyondSecurity to my CTO, maybe we'll contact you :). Thanks, --Amos
