Re: [PEN-TEST] AppScan

["Briney, Andy" <abriney () ICSA NET>]

There's an article on AppScan in Information Security magazine at
http://www.infosecuritymag.com/aug2000/applicationsecurity.htm

Andy

> -----Original Message-----
> From: john.george [mailto:john.george () HOME COM]
> Sent: Friday, September 22, 2000 1:15 PM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: Re: [PEN-TEST] AppScan
>
>
> We currently have an evaluation copy of AppScan 1.5.
> 1.5 will scan SSL connections now that the RSA Patten has expired.
> I've seen both demos of AppShield and AppScan and both were
> hits. Not a lick
> of problems. Of course the were using there own web server to scan for
> exploits.
> The list price is a little step, but I don't have to worry
> about that right
> now. I'm just doing the evaluation phase first. I will worry
> about the price
> later.
> Currently when it comes to Application Scanning, Sanctum
> doesn't seem to
> have much competition. I've done some homework on this for sure.
>
> Now on the AppShield, their seems to be products that try to
> hit that market
> but fall way short. I have also looked into this pretty
> extensive and can
> give you more info on this if needed.
>
> Please lets keep intouch about this, I'm sure I will miss
> something along
> the way.
>
> John G.
>
> ----- Original Message -----
> From: "Wade A. Malone" <wamalone () earthlink net>
> To: "john.george" <john.george () home com>
> Sent: Thursday, September 21, 2000 5:15 AM
> Subject: Re: AppScan
>
>
> > John,
> >
> > I'm surprised you paid the price for this piece of
> software.  Actually I
> > thought Sanctuminc ran it as an ASP.  I have seen demos of
> both Appscan
> and
> > Appshield, lots of problems.  They have  great reporting
> features, but the
> > dynamics of the software are questionable.
> >
> > I'll compile soem more info.  How much did you pay for the
> version? And
> did
> > you look for other comparable products.
> >
> > I'll get back to you soon.
> >
> > Wade A.
> > ----- Original Message -----
> > From: "john.george" <john.george () home com>
> > To: "Wade A. Malone" <wamalone () earthlink net>
> > Sent: Thursday, September 21, 2000 1:07 AM
> > Subject: Re: AppScan
> >
> >
> > > Currently I have no gripes about the software. Then again I just
> installed
> > > the software yesterday. I just wanted to see if anyone had any
> experience
> > > with it yet.
> > >
> > > Thanks,
> > > John G.
> > > ----- Original Message -----
> > > From: "Wade A. Malone" <wamalone () earthlink net>
> > > To: <john.george () HOME COM>
> > > Sent: Wednesday, September 20, 2000 4:17 PM
> > > Subject: Re: AppScan
> > >
> > >
> > > > John,
> > > >
> > > > What gripes or complaints do you have, what would you
> like to see.
> > > > Wade
> > > >
> > > >
> > > > > ----- Original Message -----
> > > > > From: "john.george" <john.george () HOME COM>
> > > > > To: <PEN-TEST () SECURITYFOCUS COM>
> > > > > Sent: Wednesday, September 20, 2000 4:47 PM
> > > > > Subject: AppScan
> > > > >
> > > > >
> > > > > > I very interested in knowing if anyone has any
> experience with an
> > > > > > application scanner called AppScan. It is suppose
> to be able to
> > > continue
> > > > > > where ISS left off, the application level. I
> started to evaluate
> > this
> > > > > > software today and want to see if anyone else has
> any good or bad
> > > points
> > > > > to
> > > > > > the scanner. The scanner is by http://www.sanctuminc.com .
> > > > > >
> > > > > >
> > > > > > Thanks,
> > > > > > John G.