Re: Cenzic Hailstorm vs Rational AppScan from IBM

[Neil Matatall <neil.m () UCI EDU>]

We use Appscan and I have had some issues with it.  These issues are few
and far between (had issues with re-tests not picking up changes) and
the browser inside of Appscan has a few shortcomings (no status bar,
erratic behavior).

Regarding of the effectiveness of Appscan, it has never let us down
(yet? knocks on wood).  I have had no major complaints or felt the need
to submit a support ticket.

However, I have not used Hailstrom so I cannot recommend one over the
other.  Are there any independent studies on these products?

Neil

Jon Hanny wrote:
> We bough Cenzic almost a year ago and thus far are happy with the product.
> Having said that, there really is no replacement for a well seasoned
> penetration tester. I did not try Appscan so I cannot speak to how they
> compare.
>
> Respectfully,
>
> Jon Hanny, CISSP
> Application Security Specialist
> The George Washington University
> 703-726-4469
> jehanny () gwu edu
> appsec () gwu edu
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Erik Decker
> Sent: Thursday, December 11, 2008 1:23 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Cenzic Hailstorm vs Rational AppScan from IBM
>
> All,
>
> We are currently evaluating two web vulnerability scanning products:  Cenzic
> Hailstrom and IBM's appscan.
>
> Has anyone ever used Hailstorm before?  If so, do you like their product?
> Did you run a comparison against Appscan?
>
> Cenzic seems to be a new player to this market.  Their product seems fairly
> robust, but we are a little unsure of it.  Our team has used Appscan in the
> past, but we are open to change.
>
> Thanks!