Penetration Testing mailing list archives
RES: Which Commercial Web App Scanner?
From: "Rodrigo Matuck" <rodrigo.matuck () future com br>
Date: Tue, 13 Oct 2009 15:09:55 -0300
Hi Norma,

I have already used 3 different Web App Scanners in my company: Acunetix, AppScan and N-Stalker. Acunetix and N-Stalker are cheaper; however, we got a lot of false positives with Acunetix. N-Stalker does the job, but not as well as AppScan.

About HP WebInspect: I recently did a training on SecureSphere - Imperva and the instructor recommended that tool, but I have never used it.

In my opinion, take HP WebInspect.

Regards,
Rodrigo Matuck Roque
Security Analyst - Penetration Tester

-----Original message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of Norma Snockers
Sent: Saturday, 10 October 2009 04:32
To: pen-test () securityfocus com
Subject: Which Commercial Web App Scanner?

Folks,

I've read the threads, last one about 5 months ago... http://seclists.org/webappsec/2009/q2/68 and whilst very helpful, I'm still in a quandary.

AppScan is expensive, so assuming that leaves WebInspect and Acunetix, which one would you personally choose?

I've done a very small amount of evaluation - I like the initial feel of Acunetix (and it includes GHDB checks - however is that really needed?), but my head is saying WebInspect. I've seen people recommend both.

If you were to make a final decision, which would you buy between Acunetix and WebInspect (to be used in conjunction with open source tools) - based purely on the usability, functionality and efficiency of the product, not the aftersales support?

Many thanks.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------