Security Basics mailing list archives
Re: Web Application Vulnerability Scanner
From: zackPeters75 () yahoo com
Date: 2 Nov 2007 01:25:42 -0000
I had to evaluate some automated web app scanners a few months back. We weren't using anything and I was tasked with choosing one. I ended up looking at the big three (Spi, Watchfire, Cenzic) and chose Cenzic's Hailstorm.
From a web app vulnerability perspective, I love it. Tons of options to customize and tweak. As I keep learning more about web app security, I find that I can directly configure their product to do what I want.
PCI was an element of our eval but not a huge part. I can give our developers what they need to fix and how. We still need to hire an outside auditor / certification agency for that final sign off. My two cents. Zack
Current thread:
- Re: Web Application Vulnerability Scanner, (continued)
- Re: Web Application Vulnerability Scanner Erin Carroll (Nov 01)
- Re: Web Application Vulnerability Scanner AJ (Nov 02)
- RE: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- RE: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- Re: Web Application Vulnerability Scanner AJ (Nov 02)
- Re: Web Application Vulnerability Scanner Brian Laing (Nov 01)
- RE: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- RE: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- Re: Re: Web Application Vulnerability Scanner dbennett8 (Nov 02)
- Re: Re: Web Application Vulnerability Scanner Jax Lion (Nov 02)
- RE: Re: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- Re: Re: Web Application Vulnerability Scanner Jax Lion (Nov 02)
- Re: Web Application Vulnerability Scanner zackPeters75 (Nov 02)
- Re: Web Application Vulnerability Scanner Erin Carroll (Nov 01)