Arachni - Web Application Security Scanner Framework
See the organizations who have become members of the Liaison Program, the reasons they joined and the people who they’ve chosen to represent them.
The eBay security team has incorporated Arachni into its Secure Development Lifecycle and uses it to perform internal security testing. We have
found that the flexibility, scalability, and self service model of the Arachni platform makes it very well suited for large enterprise environments.
Anton Abashkin (Application Security Engineer), eBay (http://www.ebay.com)
Bentley Systems, Incorporated.
Bentley is the global leader dedicated to providing architects, engineers, constructors, and owner operators with comprehensive software solutions for sustaining infrastructure. Founded in 1984, Bentley has nearly 3,000 colleagues in more than 45 countries, $500 million in annual revenues, and, since 1999, has invested more than $1 billion in research, development, and acquisitions.
In regard to our cloud services, we are trusting Arachni as our main automated security tool in our QA process. We like its customizable scans and its comprehensive reporting.
Louis Nadeau (Security Scrum Master), Bentley System (http://www.bentley.com/)
The best free scan for web applications. Fast and easy to use always brings relevant information regarding the assets tested, with low false positive rate. We used it during our intrusion tests and the tool has always supported us in delivering good results to our customers.
We ran a comprehensive benchmark of several high-profile web application scanners, and were positively impressed by Arachni.
While having a really efficient detection engine and a clear reporting system, the cherry on top is really its distributed nature.
It's great to see open source software to be neck and neck with expensive commercial software.
We look forward to use it on our infrastructure, and to integrate it in our development work flow!
Julien Voisin (Security consultant), NBS System (https://nbs-system.com)
AppScour uses an extensive assortment of open source and commercial security toolsets and Arachni is one the most robust and capable tools available. Its highly customizable and comprehensive scanning abilities make it a top notch scanner. If you add Arachni’s excellent scanning capabilities with it’s full-featured reporting abilities, you have yourself a very powerful, extremely feature rich and capable platform that can stand toe-to-toe with any commercial scanner.
Nick Baronian (COO), AppScour (http://www.appscour.com)
Manwin is a leading multinational information technology firm, specializing in highly trafficked websites. The company provides innovative entertainment experiences to a global audience. The Manwin security team chose the Arachni Scanner as part of our security auditing toolkit. We embrace its flexibility, scalability and comprehensive reporting. Arachni is an integral part of our development workflow.
Jean R. (Security Specialist, Special Operations), Manwin (http://www.manwin.com)
Our team at Conviso Application Security chose Arachni as the main application security scanner tool that helps us in tests and vulnerability security assesments. One of our internal products uses Arachni as part of the process, helping people and companies to keep their security level as strong as possible.
Upsite Security identifies the Arachni web application framework as the foremost open source security scanning environment that satisfies the needs of on the fly adaptability, modularity and performance. For that reason Upsite Security has used Arachni to support continuous security needs of potentially vulnerable website environments and networks.
R. van Bommel (Application penetration tester), Upsite Security (https://www.upsitesecurity.nl)
We use a wide range of open source security scanners at ScanArch. Arachni is one of the top notch scanners we are offering our clients to test their website security. Arachni doesn't use much processing or memory so we are able to run multiple instances and still deliver good accuracy while handling over thousands of websites.
Nabeel Ahmed (CEO), ScanArch (www.scanarch.com)
Arachni Scanner is responsive, scalable and distributed, with unmatched deep crawling and scanning capabilities. If you compare it to on-premise solutions, it’s simple to use and it’s completely open source.
Overall, I think it’s a great tool and I’m glad to see such a great tool from the open source community. It suits the all web pen-testing consultant a lot more, especially with generating reports with complete customization features.
Thank you for such wonderful tool, will sure contribute to its development.
We manage a number of web sites and it is imperative that we keep them as safe as possible. We have tested a number of web application scanning tools, and Arachni is on the short list. Its CLI interface is easy to use and trouble-free, even with no options listed. Arachni on Kali Linux is a winning combination.
Wolf Halton (Senior Penetration Tester), Atlanta Cloud Technology, Inc (http://atlantacloudtech.com)
Our team utilizes Arachni, included in the toolset supported by the Faraday IDE Penetration Test Environment. This allows for excellent effectiveness in automated web vulnerability detection. In Conclusion, we believe it is an essential tool that is useful in applications of security assessment, pre-production beta testing, and assessing web technology vulnerabilities.
Francisco Amato (CEO), Infobyte Security (http://www.infobytesec.com/)
Katana Security focuses on Application Security and we perform most of our services using Arachni as a support tool to help us identify and manage vulnerabilities in our clients' applications. We also provide training and consulting where we use Arachni as one of our main Web Application Scanners to teach to our customers how to perform automated security tests. For us, Arachni is one of the best open-source tools available to perform those tasks.
Magno Logan (CEO), Katana Security (www.katanasec.net)