Penetration Testing mailing list archives
Re: Which Commercial Web App Scanner?
From: Dotzero <dotzero () gmail com>
Date: Wed, 14 Oct 2009 10:19:46 -0400
On Sat, Oct 10, 2009 at 3:31 AM, Norma Snockers <norma.snockers () hotmail co uk> wrote:
> Folks, I've read the threads, last one about 5 months ago... http://seclists.org/webappsec/2009/q2/68 and whilst very helpful, I'm still in a quandary. AppScan is expensive, so assuming that leaves WebInspect and Acunetix which one would you personally choose?
>
> I've done a very small amount of evaluation - I like the initial feel of Acunetix (and it includes GHDB checks - however is that really needed?), but my head is saying WebInspect. I've seen people recommend both.
>
> If you were to make a final decision, which would you buy between Acunetix and WebInspect (to be used in conjunction with open source tools) - based purely on the usability, functionality and efficiency of the product, not the aftersales support?
>
> Many thanks.
I've used WebInspect since before HP acquired SpiDynamics. WebInspect is a decent product from a use perspective but I have been severely disappointed with the degradation of customer service since HP acquired them.

Our last renewal with them was a disaster. All we wanted from them was an invoice with a PO number on it. Our license lapsed for two months (no updates) while HP sorted it out. I asked them for a make good of a two month extension which is a not unreasonable request under the circumstances. Despite promises from people at various levels that we would be taken care of, nothing was done. They did give me a free t-shirt at RSA as the product manager was promising that this would be taken care of.

Despite my liking the product and having used it for a while, we are planning on switching to Cenzic/Hailstorm when our support subscription expires this year. I can't speak to Acunetix.

Folks on the client side should never forget that it is not just the product but how the technical support and customer service can impact you and your operations. Vendors should remember that treating a customer poorly may result in their going to another vendor and possibly speaking out publicly about why they walked.