WebApp Sec mailing list archives

Re: OS XSS and SQL scanner


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Wed, 2 Aug 2006 16:53:32 +0530

On 01/08/06 13:35 -0500, Arian J. Evans wrote:
 

> -----Original Message-----
> From: Mandeep Khera [mailto:mandeep () cenzic com]
>
> > I am sorry to hear that you perceive some problems with our
> > product. We take pride in being the most accurate product
> > with least amount of false positives in the industry. This
> > has been proven in many bake-offs by customers and
> > independent journalists.
>
> Hate to take this a little off topic, but do you have any facts
> that can support or back up these claims? Any data produced by
> anyone competent that speaks to your "false positives" and also
> your "false negatives"?


(S)he said that they had the least amount of false positives. If
everyone else had 100000 FPs, while they had 99999 FPs, that is the
least number of FPs too. That doesn't mean that the product is useful in
any way.

Devdas Bhagat
