WebApp Sec mailing list archives
RE: Spi's products worth a try? Or any suggestions for developers' tool?
From: "Ory Segal" <osegal () watchfire com>
Date: Sun, 6 Nov 2005 03:24:18 +0200
Hello, The person who initiated this thread requested suggestions for developer tools to help assess web applications for security problems. While according to this list's FAQ, posts should not contain commercial/marketing information, we can't escape the fact that often times, vendors' products are mentioned, and I thought it would only be fair to suggest other alternatives as well. My suggestion for readers of this list who want to get a complete and thorough idea of the available web application security tools, is to read the "Web Security" mailing list (maintained by the Web Application Security Consortium - WASC: http://www.webappsec.org/lists/websecurity/ ). Thank you, -Ory Segal, Watchfire (www.watchfire.com) -----Original Message----- From: Phil Pavay [mailto:philp () cenzic com] Sent: Sunday, November 06, 2005 1:48 AM To: Ory Segal; Aman Raheja; webappsec () securityfocus com Subject: RE: Spi's products worth a try? Or any suggestions for developers' tool? Folks, I am a participant in this email list and very much appreciate the technical content and learned opinions and research discussed within these topics. I am also under the impression (and would like the moderator to clarify) that this is not a marketing and sales tool for the vendors. Phil Pavay - Cenzic -----Original Message----- From: Ory Segal [mailto:osegal () watchfire com] Sent: Saturday, November 05, 2005 2:00 AM To: Aman Raheja; webappsec () securityfocus com Subject: RE: Spi's products worth a try? Or any suggestions for developers' tool? Hi, You may want to download and evaluate Watchfire's AppScan, it also has a version specifically for developers, You can find more information at: http://www.watchfire.com/products/security/default.aspx Among other features of the product, you will also find elaborate fix recommendations, which include secure coding samples both in ASP.NET (C# and VB.NET) as well as Java (J2EE). -Ory Segal Watchfire. -----Original Message----- From: Aman Raheja [mailto:araheja () techquotes com] Sent: Friday, November 04, 2005 7:40 PM To: webappsec () securityfocus com Subject: Spi's products worth a try? Or any suggestions for developers' tool? Hello Anyone has any experiance with Spi's tools for web application vulnerability scanning? http://www.spidynamics.com/products/index.html I need to suggest developers' tool so that they can self assess their application and reduce the overhead of the testing team. Any advice? Thanks in advance. Regards Aman Raheja http://www.techquotes.com
Current thread:
- Spi's products worth a try? Or any suggestions for developers' tool? Aman Raheja (Nov 04)
- Re: Spi's products worth a try? Or any suggestions for developers' tool? Darren Bounds (Nov 06)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Thomas Ryan (Nov 06)
- Re: Spi's products worth a try? Or any suggestions for developers' tool? Eoin Keary (Nov 07)
- <Possible follow-ups>
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Ory Segal (Nov 05)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Ory Segal (Nov 05)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Phil Pavay (Nov 05)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Thomas Brennan (Nov 06)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Brokken, Allen P. (Nov 07)