Security Basics mailing list archives
Re: Web Application Vulnerability Scanner
From: AJ <heuristix () gmail com>
Date: Thu, 1 Nov 2007 17:07:50 -0400
I second the WebInspect recommendation. To add to Erin's "plug and play" comment, it is indeed plug and play but if you are the kind of person who likes to roll their own security tests it is also very customization friendly. The "custom agent" functionality which let's you do this is pretty cool. In the interest of fair disclosure I interned at the company that made WI (SpiDynamics, since then they have been acquired by HP). Aarjav On 11/1/07, Erin Carroll <amoeba () amoebazone com> wrote:
Jax, There are multiple commercial solutions available which would satisfy your PCI requirements; WebInspect, Qualys, WatchGuard to name a few of the Best of Breed. However, the best choice really depends on your internal security expertise and ability to translate tool results output to PCI compliant-ese or the tool's built-in reporting capabilities. My personal recommendation would be WebInspect on the strength of the tool from a purely security focus but if you are looking for plug n play solution which outputs results in PCI format to run past your auditors your best bet may be Qualys. Hope that helps some. If you have more questions please feel free to ping me off-list. -- Erin Carroll Moderator, SecurityFocus pen-test mailing list On Thu, 1 Nov 2007, Jax Lion wrote:My company is looking to invest on a web application vulnerability scanner for PCI compliance. I do not know what is the latest and greatest, but our auditor informed us that Nessus would no longer cut it. The scanner must satisfy PCI requirements, so if you have worked or working on a PCI project - I'm open to recommendations.
Current thread:
- Web Application Vulnerability Scanner Jax Lion (Nov 01)
- Re: Web Application Vulnerability Scanner Erin Carroll (Nov 01)
- Re: Web Application Vulnerability Scanner AJ (Nov 02)
- RE: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- RE: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- Re: Web Application Vulnerability Scanner AJ (Nov 02)
- Re: Web Application Vulnerability Scanner Brian Laing (Nov 01)
- RE: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- RE: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- <Possible follow-ups>
- Re: Re: Web Application Vulnerability Scanner dbennett8 (Nov 02)
- Re: Re: Web Application Vulnerability Scanner Jax Lion (Nov 02)
- RE: Re: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- Re: Re: Web Application Vulnerability Scanner Jax Lion (Nov 02)
- Re: Web Application Vulnerability Scanner zackPeters75 (Nov 02)
- Re: Web Application Vulnerability Scanner Erin Carroll (Nov 01)