Penetration Testing mailing list archives

RE: Which Commercial Web App Scanner?


From: Norma Snockers <norma.snockers () hotmail co uk>
Date: Thu, 15 Oct 2009 07:25:24 +0000


Thanks for all the replies so far, all good info for digestion. I appreciate it's a developing field, subject to rapid 
change and no substitute for manual testing.

I intend to use it as a time-saving tool alongside manual testing to enhance/develop my experience/understanding.

I wasn't aware of Hailstorm and found this review http://www.scmagazineus.com/Cenzic-Hailstorm/Review/1081/ - although 
it is from early last year and may have changed.  If the price is still current then, although it might be the better 
product, this places it out of reach budget-wise compared to the opposition.

Netsparker also looks intriguing http://www.mavitunasecurity.com/ - has anyone become a beta tester who can comment?

I've seen the test comparison between my 3 original possibles here http://drop.io/anantasecfiles which seems to 
indicate that Acunetix (plus Acusensor) could be the best?  AppScan found much more against its own test website than 
the others, and likewise WebInspect - to be expected perhaps.

Still investigating.






----------------------------------------
From: norma.snockers () hotmail co uk
To: pen-test () securityfocus com
Subject: Which Commercial Web App Scanner?
Date: Sat, 10 Oct 2009 07:31:56 +0000


Folks,

I've read the threads, last one about 5 months ago...

http://seclists.org/webappsec/2009/q2/68

and whilst very helpful, I'm still in a quandary.

AppScan is expensive, so assuming that leaves WebInspect and Acunetix, which one would you personally choose?

I've done a very small amount of evaluation - I like the initial feel of
Acunetix (and it includes GHDB checks - however is that really
needed?), but my head is saying WebInspect.  I've seen people recommend
both.

If you were to make a final decision, which would you buy between Acunetix and WebInspect (to be used in conjunction 
with open source tools) - based purely on the usability, functionality and efficiency of the product, not the 
aftersales support?

Many thanks.
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


