Penetration Testing mailing list archives
Re: Which Commercial Web App Scanner?
From: Roman Medina-Heigl Hernandez <roman () rs-labs com>
Date: Fri, 16 Oct 2009 09:39:54 +0200
Dan Anderson escribió:
2009/10/15 Roman Medina-Heigl Hernandez <roman () rs-labs com>:PS: Norma, if you discarded Appscan due to its price then forget WebInspect too!. It will also be more difficult for you to get an eval version from a big company like HP or IBM, than from smaller ones (I'd evaluate Acunetix, if I were you).FUD.
Mmmmm... let's see...
http://www.ibm.com/developerworks/downloads/r/appscan/standarded.html?S_TACT=105AGX23&S_CMP=rnav
"With the evaluation license you can scan only a test Web site, Altoro Mutual at http://demo.testfire.net." When I say "evaluation" I mean a *real* evaluation. If you consider that launching the app against a specially and "carefully prepared" environment is sufficient to evaluate a product then I wouldn't hire you to perform an eval job :) Please, let's be serious, Dan.
https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__
Same applies here. Now try to contact them for any tech (or non-tech) question about its product, evaluation conditions, eval license extension, etc. This case is real: I had 1-2 weeks to perform some quick eval and tried to contact them using the page you provided (or similar, I don't recall; you are not the only one who knows how to fill in a Google form and hit the enter key). I never got it... because when a person was (supposedly) ready to send me the eval license, 3-4 weeks had spent and I was out of my eval time, so I aborted it :) It is so simple: big company == more burocracy == more time.
Two seconds with Google is your friend.
Two seconds reading the former URLs, or (more time to) simply trying to ask for a real eval opportunity, and you could avoid embarrassing yourself in a public mailing-list :) Cheers, -Roman ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Which Commercial Web App Scanner? Norma Snockers (Oct 13)
- Re: Which Commercial Web App Scanner? bugtraq (Oct 13)
- RE: Which Commercial Web App Scanner? Onur YILMAZ (Oct 13)
- Re: Which Commercial Web App Scanner? Roman Medina-Heigl Hernandez (Oct 15)
- Message not available
- Re: Which Commercial Web App Scanner? Roman Medina-Heigl Hernandez (Oct 19)
- Re: Which Commercial Web App Scanner? Ivan . (Oct 21)
- Re: Which Commercial Web App Scanner? Roman Medina-Heigl Hernandez (Oct 15)
- Message not available
- RE: Which Commercial Web App Scanner? Norma Snockers (Oct 19)
- Re: Which Commercial Web App Scanner? Rodrigo Montoro(Sp0oKeR) (Oct 15)
- Re: Which Commercial Web App Scanner? Eric Milam (Oct 15)
- RE: Which Commercial Web App Scanner? Darren Webb (Oct 19)
- RE: Which Commercial Web App Scanner? Norma Snockers (Oct 19)
- Re: Which Commercial Web App Scanner? Luca Carettoni (Oct 19)