Re: [PEN-TEST] AppScan

[Yonatan Bokovza <Yonatan () XPERT COM>]

> -----Original Message-----
> From: john.george [mailto:john.george () HOME COM]
> Sent: Wednesday, September 20, 2000 10:48 PM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: [PEN-TEST] AppScan
>
>
> I very interested in knowing if anyone has any experience with an
> application scanner called AppScan. It is suppose to be able
> to continue
> where ISS left off, the application level.
This is the first Application Level Security Scanner i encountered.
Application level is usually regarded as "additional feature" in
commercial security scanners.

> I started to evaluate this
> software today and want to see if anyone else has any good or
> bad points to
> the scanner.
I used it in one penetration test. It's very thorough, looks for many
recurring misprogramming errors. I tend to use it as a reference,
to make sure i didn't left out anything. It has a nice "generate your
own" http queries and posts, but i'd like to see that scriptable.
Fine and sexy tool, all things considered.
\
> The scanner is by http://www.sanctuminc.com .

Yonatan Bokovza
IT Security Consultant.
yonatan () xpert com
Xpert Trusted Systems
972-9-9522361
Shenkar 1, Herzlia Pituach
Israel.