Penetration Testing mailing list archives
Re: [PEN-TEST] AppScan
From: Yonatan Bokovza <Yonatan () XPERT COM>
Date: Thu, 21 Sep 2000 14:09:18 +0300
-----Original Message----- From: john.george [mailto:john.george () HOME COM] Sent: Wednesday, September 20, 2000 10:48 PM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] AppScan I very interested in knowing if anyone has any experience with an application scanner called AppScan. It is suppose to be able to continue where ISS left off, the application level.
This is the first Application Level Security Scanner i encountered. Application level is usually regarded as "additional feature" in commercial security scanners.
I started to evaluate this software today and want to see if anyone else has any good or bad points to the scanner.
I used it in one penetration test. It's very thorough, looks for many recurring misprogramming errors. I tend to use it as a reference, to make sure i didn't left out anything. It has a nice "generate your own" http queries and posts, but i'd like to see that scriptable. Fine and sexy tool, all things considered. \
The scanner is by http://www.sanctuminc.com .
Yonatan Bokovza IT Security Consultant. yonatan () xpert com Xpert Trusted Systems 972-9-9522361 Shenkar 1, Herzlia Pituach Israel.
Current thread:
- [PEN-TEST] AppScan john.george (Sep 20)
- Re: [PEN-TEST] AppScan John Weekley (Sep 20)
- <Possible follow-ups>
- Re: [PEN-TEST] AppScan Yonatan Bokovza (Sep 22)
- Re: [PEN-TEST] AppScan john.george (Sep 22)
- Re: [PEN-TEST] AppScan john.george (Sep 22)
- Re: [PEN-TEST] AppScan Briney, Andy (Sep 22)
- Re: [PEN-TEST] AppScan john.george (Sep 24)