Penetration Testing mailing list archives
Re: Which Commercial Web App Scanner?
From: Guy <patterson () nullamatix com>
Date: Wed, 14 Oct 2009 09:51:15 -0400
On Sat, Oct 10, 2009 at 3:31 AM, Norma Snockers <norma.snockers () hotmail co uk> wrote:
> AppScan is expensive, so assuming that leaves WebInspect and Acunetix which one would you personally choose? I've done a very small amount of evaluation - I like the initial feel of Acunetix (and it includes GHDB checks - however is that really needed?), but my head is saying WebInspect. I've seen people recommend both. If you were to make a final decision, which would you buy between Acunetix and WebInspect (to be used in conjunction with open source tools) - based purely on the usability, functionality and efficiency of the product, not the aftersales support?
Norma,

If you do end up settling on AppScan, definitely go for the "Standard" or desktop edition. The "Enterprise" version isn't nearly as much fun when it comes time to weed out the false positives. I'll often run a scan with Enterprise and revert back to the Desktop version just for coming up with a working proof of concept.

Developers don't like to be told their code is shit and will often say AppScan is "wrong", so I'm always ready to illustrate. That glazed over look they give when a dumped user table or other sensitive information is displayed in their app is priceless. Just one of the many reasons I love my job :]

Guy P.