Re: [PEN-TEST] AppScan

["john.george" <john.george () HOME COM>]

We currently have an evaluation copy of AppScan 1.5.
1.5 will scan SSL connections now that the RSA Patten has expired.
I've seen both demos of AppShield and AppScan and both were hits. Not a lick
of problems. Of course the were using there own web server to scan for
exploits.
The list price is a little step, but I don't have to worry about that right
now. I'm just doing the evaluation phase first. I will worry about the price
later.
Currently when it comes to Application Scanning, Sanctum doesn't seem to
have much competition. I've done some homework on this for sure.

Now on the AppShield, their seems to be products that try to hit that market
but fall way short. I have also looked into this pretty extensive and can
give you more info on this if needed.

Please lets keep intouch about this, I'm sure I will miss something along
the way.

John G.

----- Original Message -----
From: "Wade A. Malone" <wamalone () earthlink net>
To: "john.george" <john.george () home com>
Sent: Thursday, September 21, 2000 5:15 AM
Subject: Re: AppScan


> John,
>
> I'm surprised you paid the price for this piece of software.  Actually I
> thought Sanctuminc ran it as an ASP.  I have seen demos of both Appscan
and
> Appshield, lots of problems.  They have  great reporting features, but the
> dynamics of the software are questionable.
>
> I'll compile soem more info.  How much did you pay for the version? And
did
> you look for other comparable products.
>
> I'll get back to you soon.
>
> Wade A.
> ----- Original Message -----
> From: "john.george" <john.george () home com>
> To: "Wade A. Malone" <wamalone () earthlink net>
> Sent: Thursday, September 21, 2000 1:07 AM
> Subject: Re: AppScan
>
>
> > Currently I have no gripes about the software. Then again I just
installed
> > the software yesterday. I just wanted to see if anyone had any
experience
> > with it yet.
> >
> > Thanks,
> > John G.
> > ----- Original Message -----
> > From: "Wade A. Malone" <wamalone () earthlink net>
> > To: <john.george () HOME COM>
> > Sent: Wednesday, September 20, 2000 4:17 PM
> > Subject: Re: AppScan
> >
> >
> > > John,
> > >
> > > What gripes or complaints do you have, what would you like to see.
> > >
> > > Wade
> > >
> > >
> > > > ----- Original Message -----
> > > > From: "john.george" <john.george () HOME COM>
> > > > To: <PEN-TEST () SECURITYFOCUS COM>
> > > > Sent: Wednesday, September 20, 2000 4:47 PM
> > > > Subject: AppScan
> > > >
> > > >
> > > > > I very interested in knowing if anyone has any experience with an
> > > > > application scanner called AppScan. It is suppose to be able to
> > continue
> > > > > where ISS left off, the application level. I started to evaluate
> this
> > > > > software today and want to see if anyone else has any good or bad
> > points
> > > > to
> > > > > the scanner. The scanner is by http://www.sanctuminc.com .
> > > > >
> > > > >
> > > > > Thanks,
> > > > > John G.