Which Commercial Web App Scanner?

[Norma Snockers <norma.snockers () hotmail co uk>]

Folks,

I've read the threads, last one about 5 months ago...

http://seclists.org/webappsec/2009/q2/68

and whilst very helpful, I'm still in a quandry.

AppScan is expensive, so assuming that leaves WebInspect and Acunetix which one would you personally choose?

I've done a very small amount of evaluation - I like the initial feel of
Acunetix (and it includes GHDB checks - however is that really
needed?), but my head is saying WebInspect.  I've seen people recommend
both.

If you were to make a final decision, which would you buy between Acunetix and WebInspect (to be used in conjunction 
with open source tools) - based purely on the usability, functionality and efficiency of the product, not the 
aftersales support?

Many thanks.                                      
_________________________________________________________________
Use Hotmail to send and receive mail from your different email accounts.
http://clk.atdmt.com/UKM/go/167688463/direct/01/
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------