Penetration Testing mailing list archives
Re: Which Commercial Web App Scanner?
From: "Ivan ." <ivanhec () gmail com>
Date: Tue, 20 Oct 2009 10:45:19 +1100
I'll throw this in the mix:

Automated Security Testing - Can't I Just Point-n-Click? (Part 1)
http://www.communities.hp.com/securitysoftware/blogs/rafal/archive/2009/10/16/security-testing-can-t-i-just-point-n-click.aspx

On Fri, Oct 16, 2009 at 6:39 PM, Roman Medina-Heigl Hernandez <roman () rs-labs com> wrote:

> Dan Anderson wrote:
>> 2009/10/15 Roman Medina-Heigl Hernandez <roman () rs-labs com>:
>>> PS: Norma, if you discarded Appscan due to its price then forget WebInspect too! It will also be more difficult for you to get an eval version from a big company like HP or IBM, than from smaller ones (I'd evaluate Acunetix, if I were you).
>>
>> FUD.
>
> Mmmmm... let's see...
>
>> http://www.ibm.com/developerworks/downloads/r/appscan/standarded.html?S_TACT=105AGX23&S_CMP=rnav
>
> "With the evaluation license you can scan only a test Web site, Altoro Mutual at http://demo.testfire.net."
>
> When I say "evaluation" I mean a *real* evaluation. If you consider that launching the app against a specially and "carefully prepared" environment is sufficient to evaluate a product then I wouldn't hire you to perform an eval job :) Please, let's be serious, Dan.
>
>> https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__
>
> Same applies here. Now try to contact them for any tech (or non-tech) question about its product, evaluation conditions, eval license extension, etc. This case is real: I had 1-2 weeks to perform some quick eval and tried to contact them using the page you provided (or similar, I don't recall; you are not the only one who knows how to fill in a Google form and hit the enter key). I never got it... because when a person was (supposedly) ready to send me the eval license, 3-4 weeks had passed and I was out of my eval time, so I aborted it :) It is so simple: big company == more bureaucracy == more time.
>
>> Two seconds with Google is your friend.
>
> Two seconds reading the former URLs, or (more time to) simply trying to ask for a real eval opportunity, and you could avoid embarrassing yourself in a public mailing-list :)
>
> Cheers,
> -Roman
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------