A variety of different free tools exist for Red Team operations, and, in many cases, a Red Team can get by just fine taking advantage of these free or open-source resources. However, a few commercial tools are available that might be worth the added expense to the Red Team.
Top paid Red Team tools
Acunetix is a web application vulnerability scanner that is designed to allow penetration testing. Features include the ability to scan for compliance against regulations and standards (PCI-DSS, OWASP Top 10 and so on) and to export discovered vulnerabilities to issue tracking tools or some firewalls to aid in remediation.
Acunetix has different features for its three pricing levels (Standard, Premium and Acunetix 360), but a major differentiator is the number of scans that can be performed at each level (Standard is capped at 20). In general, pricing is determined on a per-website basis.
Burp Suite is one of several tools on this list where there are both a free and a commercial version of the software. In the case of Burp Suite, the Red Team can choose from three different pricing options: Community, Professional, and Enterprise.
The Community edition of Burp Suite is the free option and is primarily intended for researchers and hobbyists. In this version of the tool, only the essential manual tools are available.
The Professional edition of Burp Suite has a yearly fee of $399 per user. It provides access to both the essential and advanced manual tools and the Burp Suite web security scanner, which can detect over 100 of the most common generic web application vulnerabilities.
The Enterprise edition of Burp Suite starts at $3,999 per year and provides complete access to the software’s functionality. This includes the web security scanner and provides options to make (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/drdSfJV4sWc/