Penetration Testing mailing list archives

Re: [PEN-TEST] AppScan


From: "john.george" <john.george () HOME COM>
Date: Fri, 22 Sep 2000 10:25:24 -0700

I will keep you updated as time goes by. So have you found any good info on Sanctum? 

I've looked at Clicknet and feel it does not serve the same purpose. Clicknet protects the operating system and APIs.
They are subscription based and require continual updating to the library of signatures that are recognized.  The
product does not actively protect the HTTP and therefore does not provide web application security.  Clicknet can
identify and prevent specific known attacks such as buffer overflows, getadmin, and some other attacks, but does not
protect against site defacement, SQL queries, holes in the application, Perl scripts, etc.
Let's stay in touch on this.

John G.
  ----- Original Message ----- 
  From: Greg Jensen 
  To: john.george () home com 
  Sent: Wednesday, September 20, 2000 3:44 PM
  Subject: AppScan


  Fellow Cable modem user.....

  I too am doing a good amount of research on this company, and its products AppScan and AppShield.  If you would be
so kind as to forward to me any responses that you get on this (good or bad), I would greatly appreciate it!

  If it is just as an assessment tool, this is the only product, but if you are looking in the direction of Sanctum's
other tool, their (kind of an IDS) AppShield, then also look at ClickNet, as they also offer a similar tool.

  Thanks!

  -Greg

  -----Original Message-----
  From: john.george [mailto:john.george () HOME COM]
  Sent: Wednesday, September 20, 2000 3:48 PM
  To: PEN-TEST () SECURITYFOCUS COM
  Subject: [PEN-TEST] AppScan

  I am very interested in knowing if anyone has any experience with an
  application scanner called AppScan. It is supposed to be able to continue
  where ISS left off, the application level. I started to evaluate this
  software today and want to see if anyone else has any good or bad points to
  the scanner. The scanner is by http://www.sanctuminc.com .

  Thanks,

  John G.

