Penetration Testing mailing list archives
RE: Which Commercial Web App Scanner?
From: Norma Snockers <norma.snockers () hotmail co uk>
Date: Fri, 16 Oct 2009 18:20:41 +0000
It would be the Standard version - but are WebInspect and Acunetix able to do the same?

The test blog I saw (and linked to in an earlier mail) said that AppScan was the worst in almost all cases, and Acunetix (with AcuSensor) the best of the 3 for finding problems and all-round capability.

Does anyone have any comments on how good AcuSensor is?

Kind Regards,
NS

----------------------------------------
Date: Wed, 14 Oct 2009 09:51:15 -0400
Subject: Re: Which Commercial Web App Scanner?
From: patterson () nullamatix com
To: norma.snockers () hotmail co uk; pen-test () securityfocus com

On Sat, Oct 10, 2009 at 3:31 AM, Norma Snockers wrote:

AppScan is expensive, so assuming that leaves WebInspect and Acunetix, which one would you personally choose?

I've done a very small amount of evaluation - I like the initial feel of Acunetix (and it includes GHDB checks - however, is that really needed?), but my head is saying WebInspect. I've seen people recommend both.

If you were to make a final decision, which would you buy between Acunetix and WebInspect (to be used in conjunction with open source tools) - based purely on the usability, functionality and efficiency of the product, not the aftersales support?
Norma,

If you do end up settling on AppScan, definitely go for the "Standard" or desktop edition. The "Enterprise" version isn't nearly as much fun when it comes time to weed out the false positives. I'll often run a scan with Enterprise and revert back to the Desktop version just for coming up with a working proof of concept.

Developers don't like to be told their code is shit and will often say AppScan is "wrong", so I'm always ready to illustrate. That glazed-over look they give when a dumped user table or other sensitive information is displayed in their app is priceless. Just one of the many reasons I love my job :]

Guy P.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Current thread:
- RES: Which Commercial Web App Scanner?, (continued)
- RES: Which Commercial Web App Scanner? Rodrigo Matuck (Oct 13)
- Re: Which Commercial Web App Scanner? Todd Haverkos (Oct 13)
- Re: Which Commercial Web App Scanner? Rodrigo Montoro(Sp0oKeR) (Oct 15)
- Re: Which Commercial Web App Scanner? Eric Milam (Oct 15)
- RE: Which Commercial Web App Scanner? Norma Snockers (Oct 15)
- RE: Which Commercial Web App Scanner? Darren Webb (Oct 19)
- RE: Which Commercial Web App Scanner? Norma Snockers (Oct 19)
- Re: Which Commercial Web App Scanner? Luca Carettoni (Oct 19)
- RE: Which Commercial Web App Scanner? Darren Webb (Oct 19)
- Re: Which Commercial Web App Scanner? Dotzero (Oct 15)
- Re: Which Commercial Web App Scanner? Guy (Oct 15)
- RE: Which Commercial Web App Scanner? Norma Snockers (Oct 19)