WebApp Sec mailing list archives

Comparison report on web app security scanners

From: <Holger.Peine () iese fraunhofer de>
Date: Fri, 5 May 2006 11:12:31 +0200

As I had mentioned in another posting to this list some time ago,
a few months ago I completed a fairly extensive review of various
tools: AppScan, WebInspect, Acunetix, (note AppScan and WebInspect
have produced new versions since then), Burp, WebScarab, Spike Proxy, 
and some minor remarks on a few other tools. I used two applications as 
benchmarks: WebGoat and a proprietary application in production use. 
The report totals to about 170 pages.

A number of people have expressed their interest in this report.
Today I have finally attained a publication permit. You can download
the report at
http://fhgonline.fraunhofer.de/server?suche-publica&num=048.06/D&iese
(that page will give the abstract and bibliographic information; click
on the red link named "Volltext" to get at the actual PDF). However,
note 
that the report is in German. I regret that I do not have the time
to translate it, but anyone is invited to volunteer (and some people
already have). If you want to help in translating, drop me a line
(this applies even to those who already did, just to give me an updated
picture); I will collect all volunteer addresses and distribute them
next week, and from then on, you'll be on your own.

Kind regards,
Holger Peine

-- 
Dr. Holger Peine, Security and Safety
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany
Phone +49-631-6800-2134, Fax -1299 (shared)
PGP key via http://pgp.mit.edu ; fingerprint is 1BFA 30CB E3ED BA99 E7AE
2BBB C126 A592 48EA F9F8
  


-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------

Current thread:

Comparison report on web app security scanners Holger.Peine (May 05)
- <Possible follow-ups>
- Re: Comparison report on web app security scanners Bogdan Calin (May 16)
  - RE: Comparison report on web app security scanners Mark Curphey (May 16)
    - Re: Comparison report on web app security scanners Dean H. Saxe (May 18)
    - Re: Comparison report on web app security scanners Bogdan Calin (May 18)
- RE: Comparison report on web app security scanners Holger.Peine (May 16)
- RE: Comparison report on web app security scanners Ory Segal (May 16)
  - Re: Comparison report on web app security scanners Jeremiah Grossman (May 17)
    - RE: Comparison report on web app security scanners Mark Curphey (May 18)
    - Re: Comparison report on web app security scanners Zaninotti, Thiago (May 18)
  - Re: Comparison report on web app security scanners Eoin (May 17)

(Thread continues...)