Penetration Testing mailing list archives

RE: Spi's products worth a try? Or any suggestions for developers' tool?


From: "Mike Pearson" <mp () digitalstakeout com>
Date: Tue, 8 Nov 2005 07:40:06 -0500

I may have been mistaken as to the total dollar amount and type of deal that
was struck between SPI and Watchfire. I was just informed by an associate
that it was more of a cross-licensing deal. Also, I just found the attached
review which could impact our decision to renew with Watchfire. 


Here is the link if the attachment doesn't come across.

http://www.secureenterprisemag.com/products/showArticle.jhtml?articleID=169400383

-----Original Message-----
From: Cory Stoker [mailto:cory () clearnetsec com] 
Sent: Monday, November 07, 2005 2:56 PM
To: Aman Raheja; pen-test () securityfocus com
Subject: Re: Spi's products worth a try? Or any suggestions for developers' tool?

I have used SPI Web inspect and it is a pretty good tool.  It is not  
a run and forget tool but it is valuable in a web assessment.  Mostly  
it is a time saver as it does many tests automatically so you do not  
have to write scripts for the repetitive tasks.  One thing that rocks  
is the SPI toolkit option for Web Inspect as it is a framework for  
manual testing that is pretty comprehensive.  However the licensing  
scheme for Web Inspect is very restrictive and expensive for a tool  
of this nature IMHO.  For example the cheaper licenses restrict you  
to a single IP but the site wide license is very pricey.  Also if  
your site utilizes Javascript heavily, SPI will have a tougher time  
crawling your site and analyzing it.  If a site has Javascript you  
would manually crawl the site first then analyze the pages crawled.

---
Cory Stoker
ClearNet Security


On Nov 3, 2005, at 11:55 PM, Aman Raheja wrote:

Hello
Does anyone have any experience with Spi's tools for web application  
vulnerability scanning?
http://www.spidynamics.com/products/index.html
I need to suggest developers' tool so that they can self assess  
their application and reduce the overhead of the testing team.
Any advice?
Thanks in advance.
Regards
Aman Raheja

http://www.techquotes.com



