Penetration Testing mailing list archives
Re: Which Commercial Web App Scanner?
From: bugtraq () cgisecurity net
Date: Tue, 13 Oct 2009 14:46:32 -0400 (EDT)
I would suggest identifying what you need before selecting a product. The Web Application Security Consortium has just published a guide on how to do exactly this at http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria .

Regards,
- Robert
http://www.cgisecurity.com/
http://www.webappsec.org/
http://www.qasec.com/

Folks,

I've read the threads, last one about 5 months ago... http://seclists.org/webappsec/2009/q2/68 and whilst very helpful, I'm still in a quandary.

AppScan is expensive, so assuming that leaves WebInspect and Acunetix which one would you personally choose?

I've done a very small amount of evaluation - I like the initial feel of Acunetix (and it includes GHDB checks - however is that really needed?), but my head is saying WebInspect. I've seen people recommend both.

If you were to make a final decision, which would you buy between Acunetix and WebInspect (to be used in conjunction with open source tools) - based purely on the usability, functionality and efficiency of the product, not the aftersales support?

Many thanks.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Current thread:
- Which Commercial Web App Scanner? Norma Snockers (Oct 13)
- Re: Which Commercial Web App Scanner? bugtraq (Oct 13)
- RE: Which Commercial Web App Scanner? Onur YILMAZ (Oct 13)
- Re: Which Commercial Web App Scanner? Roman Medina-Heigl Hernandez (Oct 15)
- Message not available
- Re: Which Commercial Web App Scanner? Roman Medina-Heigl Hernandez (Oct 19)
- Re: Which Commercial Web App Scanner? Ivan . (Oct 21)
- Re: Which Commercial Web App Scanner? Roman Medina-Heigl Hernandez (Oct 15)
- Message not available
- RE: Which Commercial Web App Scanner? Norma Snockers (Oct 19)
- Re: Which Commercial Web App Scanner? Rodrigo Montoro(Sp0oKeR) (Oct 15)
- Re: Which Commercial Web App Scanner? Eric Milam (Oct 15)