Re: Tools comparison and evaluation question (AppScan)

["Serg B." <serg.belokamen () gmail com>]

Hi Holger, 

Thank you for the offer. 

I need this ASAP so if its going to take longer then few days then don't
worry about it. 

Mean while I'll be doing the same analysis in English, I am not sure on
privacy aspects and not 100% sure if I will be on the team analysing the
software, however if the above 2 go through I will post my report on the
net somewhere. 

In regards to German, if anyone can help that would be great. I don't
speak German. If there is no other choise, German will do - I am sure I
will be able to find someone to help.

   Cheers,
      Serg

On Fri, 2006-02-17 at 11:03 +0100, Lucien Fransman wrote:
> On Friday 17 February 2006 08:56, Peine,Holger wrote:
> Hello,
>
> If this is needed i can help somewhat with the translation. 
>
> Kind regards,
>
> Enchanter_tim
>
>
> > Serge,
> > (and whoever else on this list it may concern),
> >
> > > Without starting a flame war (hopefully) or marketing campaign
> > > (another hopefully) can any one tell me abut their experience with the
> > > software, what you find useful about it, what not, any annoyances,
> > > missing functionality, etc.
> >
> > A few months ago I completed a fairly extensive review of various
> > tools: AppScan (5.0 - note they offer 6.0 now), WebInspect, Acunetix,
> > Burp, WebScarab, Spike Proxy, and some minor remarks on a few other
> > tools.
> > I used two applications as benchmarks: WebGoat and a commercial
> > proprietary
> > application in production use by the customer that paid this evaluation
> > (sorry, NDA prevents me to say anything more about that). The report
> > totals
> > to about 170 pages.
> >
> > BUT now comes the catch: It's in German. If you can read that, and
> > ideally
> > a few more people demand the same thing, I would go the trouble of
> > clearing
> > any mentionings of our customer from it and getting a publishing permit
> > from them (no idea how long that will take, could be days or months).
> >
> > So, can you read German? Anyone else?
> >
> > > Second:
> > > Can anyone recommend any simular type of software, preferably open
> > > source (although not at all essential), and describe its performance,
> > > usability and "usefulness" so to speak using AppScan as a reference
> > > point.
> >
> > Yes, that's also in that report.
> >
> > Kind regards,
> > Holger Peine
>
> -------------------------------------------------------------------------
> This List Sponsored by: SpiDynamics
>
> ALERT: "How A Hacker Launches A Web Application Attack!" 
> Step-by-Step - SPI Dynamics White Paper
> Learn how to defend against Web Application Attacks with real-world 
> examples of recent hacking methods such as: SQL Injection, Cross Site 
> Scripting and Parameter Manipulation
>
> https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
> --------------------------------------------------------------------------


-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------