Penetration Testing mailing list archives

Re: Tools comparison and evaluation question (AppScan)


From: Petr.Kazil () eap nl
Date: Fri, 17 Feb 2006 19:05:34 +0100

the list of tools I've put together is
Commercial Tools
-----------------
SPI Webinspect

We have a license for this and it's not cheap.
I'm not the guy who uses this tool, but my colleagues do.
From what I've seen over their shoulders:

- it's very powerful and relatively intelligent in interpreting the 
results it gets from the website (more intelligent than nikto)
- it's produced surprising results several times that we wouldn't have 
found by hand
- if you run it full throttle it can crash a weak server
- it produces a lot of output that you have to scrutinize by hand
- it needs a lot of time to tame, and a lot of time to get used to.

But overall we are satisfied. We just renewed the license for another 
year.
I also have the feeling that SPI staff is very approachable.

Of course we are curious about your experiences ...



