Penetration Testing mailing list archives

RE: Which Commercial Web App Scanner?

From: "Onur YILMAZ" <contact () onuryilmaz info>
Date: Tue, 13 Oct 2009 20:48:03 +0300

Hi,

You can try it Netsparker Web Application Security Scanner:
www.mavitunasecurity.com 

Regards.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Norma Snockers
Sent: Saturday, October 10, 2009 10:32 AM
To: pen-test () securityfocus com
Subject: Which Commercial Web App Scanner?


Folks,

I've read the threads, last one about 5 months ago...

http://seclists.org/webappsec/2009/q2/68

and whilst very helpful, I'm still in a quandry.

AppScan is expensive, so assuming that leaves WebInspect and Acunetix which
one would you personally choose?

I've done a very small amount of evaluation - I like the initial feel of
Acunetix (and it includes GHDB checks - however is that really
needed?), but my head is saying WebInspect.  I've seen people recommend
both.

If you were to make a final decision, which would you buy between Acunetix
and WebInspect (to be used in conjunction with open source tools) - based
purely on the usability, functionality and efficiency of the product, not
the aftersales support?

Many thanks.                                      
_________________________________________________________________
Use Hotmail to send and receive mail from your different email accounts.
http://clk.atdmt.com/UKM/go/167688463/direct/01/
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Which Commercial Web App Scanner? Norma Snockers (Oct 13)
- Re: Which Commercial Web App Scanner? bugtraq (Oct 13)
- RE: Which Commercial Web App Scanner? Onur YILMAZ (Oct 13)
  - Re: Which Commercial Web App Scanner? Roman Medina-Heigl Hernandez (Oct 15)
    - Message not available
    - Re: Which Commercial Web App Scanner? Roman Medina-Heigl Hernandez (Oct 19)
    - Re: Which Commercial Web App Scanner? Ivan . (Oct 21)
    - Message not available
    - RE: Which Commercial Web App Scanner? Norma Snockers (Oct 19)
- RES: Which Commercial Web App Scanner? Rodrigo Matuck (Oct 13)
- Re: Which Commercial Web App Scanner? Todd Haverkos (Oct 13)
  - Re: Which Commercial Web App Scanner? Rodrigo Montoro(Sp0oKeR) (Oct 15)
  - Re: Which Commercial Web App Scanner? Eric Milam (Oct 15)
- RE: Which Commercial Web App Scanner? Norma Snockers (Oct 15)
  - RE: Which Commercial Web App Scanner? Darren Webb (Oct 19)

(Thread continues...)