WebApp Sec mailing list archives
RE: Spi's products worth a try? Or any suggestions for developers' tool?
From: "Thomas Ryan" <tryan () siegeworksint com>
Date: Sun, 6 Nov 2005 17:04:02 -0800
Aman, Are you looking to allow all of your developers to scan their own applications on their local desktop? Are you developing ASP, ASP.NET, Java or PHP Applications? If you are looking for a scanner for developers, you have 2 choices...DevInspect or AppScan DE. DevInspect and SecureObjects are tightly integrated with Visual Studio .NET, while AppScan DE Scans the Application at Runtime on the developer's desktop. Scanning solutions serve a purpose within application security, Even though at best they find 30% of the problems. If you chose to scanning solution for your QA process I would look at NTOSpider ( http://www.ntobjectives.com/products/ntospider.php ) or WebInspect ( http://www.spidynamics.com/products/webinspect/index.html ) Before choosing a scanner, I would develop a testing criteria and test the scanners against several different types of internal applications. Thomas Ryan Senior Security Consultant SiegeWorks International -----Original Message----- From: Aman Raheja [mailto:araheja () techquotes com] Sent: Friday, November 04, 2005 9:40 AM To: webappsec () securityfocus com Subject: Spi's products worth a try? Or any suggestions for developers' tool? Hello Anyone has any experiance with Spi's tools for web application vulnerability scanning? http://www.spidynamics.com/products/index.html I need to suggest developers' tool so that they can self assess their application and reduce the overhead of the testing team. Any advice? Thanks in advance. Regards Aman Raheja http://www.techquotes.com
Current thread:
- Spi's products worth a try? Or any suggestions for developers' tool? Aman Raheja (Nov 04)
- Re: Spi's products worth a try? Or any suggestions for developers' tool? Darren Bounds (Nov 06)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Thomas Ryan (Nov 06)
- Re: Spi's products worth a try? Or any suggestions for developers' tool? Eoin Keary (Nov 07)
- <Possible follow-ups>
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Ory Segal (Nov 05)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Ory Segal (Nov 05)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Phil Pavay (Nov 05)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Thomas Brennan (Nov 06)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Brokken, Allen P. (Nov 07)