Penetration Testing mailing list archives
Re: [PEN-TEST] AppScan
From: "Briney, Andy" <abriney () ICSA NET>
Date: Fri, 22 Sep 2000 13:55:55 -0400
There's an article on AppScan in Information Security magazine at http://www.infosecuritymag.com/aug2000/applicationsecurity.htm Andy
-----Original Message----- From: john.george [mailto:john.george () HOME COM] Sent: Friday, September 22, 2000 1:15 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] AppScan We currently have an evaluation copy of AppScan 1.5. 1.5 will scan SSL connections now that the RSA Patten has expired. I've seen both demos of AppShield and AppScan and both were hits. Not a lick of problems. Of course the were using there own web server to scan for exploits. The list price is a little step, but I don't have to worry about that right now. I'm just doing the evaluation phase first. I will worry about the price later. Currently when it comes to Application Scanning, Sanctum doesn't seem to have much competition. I've done some homework on this for sure. Now on the AppShield, their seems to be products that try to hit that market but fall way short. I have also looked into this pretty extensive and can give you more info on this if needed. Please lets keep intouch about this, I'm sure I will miss something along the way. John G. ----- Original Message ----- From: "Wade A. Malone" <wamalone () earthlink net> To: "john.george" <john.george () home com> Sent: Thursday, September 21, 2000 5:15 AM Subject: Re: AppScanJohn, I'm surprised you paid the price for this piece ofsoftware. Actually Ithought Sanctuminc ran it as an ASP. I have seen demos ofboth Appscan andAppshield, lots of problems. They have great reportingfeatures, but thedynamics of the software are questionable. I'll compile soem more info. How much did you pay for theversion? And didyou look for other comparable products. I'll get back to you soon. Wade A. ----- Original Message ----- From: "john.george" <john.george () home com> To: "Wade A. Malone" <wamalone () earthlink net> Sent: Thursday, September 21, 2000 1:07 AM Subject: Re: AppScanCurrently I have no gripes about the software. Then again I justinstalledthe software yesterday. I just wanted to see if anyone had anyexperiencewith it yet. Thanks, John G. ----- Original Message ----- From: "Wade A. Malone" <wamalone () earthlink net> To: <john.george () HOME COM> Sent: Wednesday, September 20, 2000 4:17 PM Subject: Re: AppScanJohn, What gripes or complaints do you have, what would youlike to see.Wade----- Original Message ----- From: "john.george" <john.george () HOME COM> To: <PEN-TEST () SECURITYFOCUS COM> Sent: Wednesday, September 20, 2000 4:47 PM Subject: AppScanI very interested in knowing if anyone has anyexperience with anapplication scanner called AppScan. It is supposeto be able tocontinuewhere ISS left off, the application level. Istarted to evaluatethissoftware today and want to see if anyone else hasany good or badpointstothe scanner. The scanner is by http://www.sanctuminc.com . Thanks, John G.
Current thread:
- [PEN-TEST] AppScan john.george (Sep 20)
- Re: [PEN-TEST] AppScan John Weekley (Sep 20)
- <Possible follow-ups>
- Re: [PEN-TEST] AppScan Yonatan Bokovza (Sep 22)
- Re: [PEN-TEST] AppScan john.george (Sep 22)
- Re: [PEN-TEST] AppScan john.george (Sep 22)
- Re: [PEN-TEST] AppScan Briney, Andy (Sep 22)
- Re: [PEN-TEST] AppScan john.george (Sep 24)