WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: FW: Tools comparison and evaluation question (AppScan)

From: "Brokken, Allen P." <BrokkenA () missouri edu>
Date: Fri, 17 Feb 2006 10:02:26 -0600
There was a fairly extensive thread on this topic in August if you check
the archives at Security Focus for the subject "Application Assessment"

[Moderator feel free to moderate the following if inappropriate]

My personal experience with WebInspect was chosen by SANS for a What
Works WebCast that aired yesterday.

https://www.sans.org/webcasts/show.php?webcastid=90696 

 
Allen Brokken
Information Security and Account Management - IAT Services - University
of Missouri -brokkena () missouri edu - (573)884-8708

-----Original Message-----
From: Peter Wood [mailto:peterw () firstbase co uk] 
Sent: Friday, February 17, 2006 9:06 AM
To: webappsec () securityfocus com
Cc: Charles'
Subject: Re: FW: Tools comparison and evaluation question (AppScan)

We use WebInspect on a daily basis too, and have done so since 
version 1.0.  It's an excellent tool with some excellent (and 
constantly improving) utilities.

Pete

At 13:46 17/02/2006 +0000, Xyberpix wrote:

I use WebInspect pretty much ona  daily basis, and wouldn't trade it
for anything.
As far as tools go, it really is a worthwhile addition.

xyberpix


-----Original Message-----
From: Burke, Charles
Sent: Friday, February 17, 2006 7:47 AM
To: 'Serg Belokamen'
Subject: RE: Tools comparison and evaluation question (AppScan)

Also, WebInspect is a very good (commercial) tool.  It also includes
some invaluable utilities (Sql Injector, etc) that are a step above
their open source competitors.

-----Original Message-----
From: Serg Belokamen [serg.belokamen () gmail com]
Sent: Friday, February 17, 2006 2:04 AM
To: webappsec () securityfocus com
Subject: Tools comparison and evaluation question (AppScan)


Hi All,

I am currently looking at using/evaluating a tool called AppScan (by
watchfire.com).

So the question is in two parts and ASAP reply would be greatly
appreciated.

First:
Without starting a flame war (hopefully) or marketing campaign

(another

hopefully) can any one tell me abut their experience with the

software,

what you find useful about it, what not, any annoyances, missing
functionality, etc.

Second:
Can anyone recommend any simular type of software, preferably open
source (although not at all essential), and describe its performance,
usability and "usefulness" so to speak using AppScan as a reference
point.

  Thanks,
      Serg



--------------------------------------------------------------------
Peter Wood FBCS CITP MIEEE MIMIS CISSP
Chief of Operations
First Base Technologies
Office: +44 (0)1273 454525
Mobile: +44 (0)7774 239915
www.fbtechies.co.uk
www.white-hats.co.uk


------------------------------------------------------------------------
-
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gR
l
------------------------------------------------------------------------
--


-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: