WebApp Sec mailing list archives

RE: Spi's products worth a try? Or any suggestions for developers' tool?


From: "Thomas Ryan" <tryan () siegeworksint com>
Date: Sun, 6 Nov 2005 17:04:02 -0800

Aman,

Are you looking to allow all of your developers to scan their own
applications on their local desktop? Are you developing ASP, ASP.NET, Java
or PHP Applications?  If you are looking for a scanner for developers, you
have 2 choices...DevInspect or AppScan DE. 

DevInspect and SecureObjects are tightly integrated with Visual Studio .NET,
while AppScan DE scans the application at runtime on the developer's
desktop.

Scanning solutions serve a purpose within application security, even though
at best they find 30% of the problems. If you choose a scanning solution for
your QA process I would look at NTOSpider (
http://www.ntobjectives.com/products/ntospider.php ) or WebInspect (
http://www.spidynamics.com/products/webinspect/index.html )

Before choosing a scanner, I would develop testing criteria and test the
scanners against several different types of internal applications.


Thomas Ryan
Senior Security Consultant
SiegeWorks International

-----Original Message-----
From: Aman Raheja [mailto:araheja () techquotes com] 
Sent: Friday, November 04, 2005 9:40 AM
To: webappsec () securityfocus com
Subject: Spi's products worth a try? Or any suggestions for developers'
tool? 

Hello
Does anyone have any experience with Spi's tools for web application
vulnerability scanning?
http://www.spidynamics.com/products/index.html
I need to suggest a developers' tool so that they can self-assess their
application and reduce the overhead of the testing team.
Any advice?
Thanks in advance.
Regards
Aman Raheja

http://www.techquotes.com



