Penetration Testing mailing list archives
RE: Spi's products worth a try? Or any suggestions for developers' tool?
From: "Mike Pearson" <mp () digitalstakeout com>
Date: Sun, 6 Nov 2005 12:37:02 -0500
My company conducted a through evaluation of SPI WebInspect, Watchfire AppScan, Acunetix and various open source products and ended up choosing a combination of AppScan and open source as the primary backend for our service, Threat Portal VMS. One thing to keep in mind is that Watchfire holds the definitive patent for conducting intelligent web crawling for vulnerabilities. Both SPI and Acunetix had to pay Watchfire multi-million dollar royalty payments in order to use the patent. SPI may be a little faster with new updates but Watchfire invented the process. Mike Pearson www.digitalstakeout.com -----Original Message----- From: Evans, Arian [mailto:Arian.Evans () fishnetsecurity com] Sent: Friday, November 04, 2005 1:53 PM To: Aman Raheja; pen-test () securityfocus com Subject: RE: Spi's products worth a try? Or any suggestions for developers' tool? 1. I would suggest SPI's tools are worth evaluation. 2. For other tools to evaluate, you will find a fairly comprehensive starting point in this PPT: http://www.owasp.org/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2- Day1/AppSec2005DC-Arian_Ev ans_Tools-Taxonomy.ppt -ae
-----Original Message----- From: Aman Raheja [mailto:araheja () techquotes com] Sent: Friday, November 04, 2005 12:56 AM To: pen-test () securityfocus com Subject: Spi's products worth a try? Or any suggestions for developers' tool? Hello Anyone has any experiance with Spi's tools for web application vulnerability scanning? http://www.spidynamics.com/products/index.html I need to suggest developers' tool so that they can self assess their application and reduce the overhead of the testing team. Any advice? Thanks in advance. Regards Aman Raheja http://www.techquotes.com -------------------------------------------------------------- ---------------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------- -----------------
---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Spi's products worth a try? Or any suggestions for developers' tool? Aman Raheja (Nov 04)
- Re: Spi's products worth a try? Or any suggestions for developers' tool? Peter Wood (Nov 05)
- Re: Spi's products worth a try? Or any suggestions for developers' tool? Cory Stoker (Nov 07)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Mike Pearson (Nov 08)
- Re: Spi's products worth a try? Or any suggestions for developers' tool? caseytay (Nov 08)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Thomas Ryan (Nov 09)
- <Possible follow-ups>
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Evans, Arian (Nov 05)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Mike Pearson (Nov 06)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Rui Pereira (WCG) (Nov 06)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Evans, Arian (Nov 07)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Ory Segal (Nov 10)