Security Basics mailing list archives
Re: Web Application Scanners
From: Tom Stracener <strace () gmail com>
Date: 17 Jan 2005 20:38:23 -0000
In-Reply-To: <A494F4183EEB204185DE1490EEA03713AAE47B () vega traiana int>

Leon,

Yes, you should also look at Cenzic's Hailstorm (www.cenzic.com). While I was a consultant I worked with Hailstorm extensively. It's quite powerful and has in most cases a very low occurrence of false positives. However, Hailstorm does presuppose a degree of expertise in the user, and as such, it's not really a "shiny red button" technology that allows you to click a single button and get an all-encompassing audit. It has a wealth of configuration options that an experienced user can use to fine-tune the scanning process, and thereby reduce false positives and narrow the focus to specific types of application vulnerabilities.

With regard to Paros, it's pretty neat but not all of its features are well documented. I had a hard time creating my own plugins for it, so I set it aside for the time being.

Hope this helps.

-Tom

From: "Leon Rosenstein" <leonr () traiana com>
To: "security basics" <security-basics () securityfocus com>

Hi,

Currently looking over Webinspect & Sanctum. What are some of people's thoughts / experiences on Webinspect vs AppScan? Any other big players in the space people can suggest?

Thanks,
Leon