RE: Of the three expensive vulnerability scanners

["Joe Basirico" <jbasirico () sisecure com>]

I recently wrote a security report on vulnerability scanners that you might
want to check out. I reviewed 25 scanners that might help you make a
decision. In my report I talk about what scanners do and how they do it,
then in the Tool review (last page) each tool is individually reviewed with
an overview, strengths, weaknesses, price and some other criteria. This
Security Report was intended for the audience to decide which tools hackers
are learning to help compromise your servers.

This is normally a subscription only report but it's free until November
30th.

http://www.securityinnovation.com/security-report/vulnScanners1.htm

Thank you,
Joe Basirico
SECURITYINNOVATION - Software Security Engineer
http://www.securityinnovation.com
jbasirico () sisecure com
206-227-6458

 -----Original Message-----
From: managingrisk () gmail com [mailto:managingrisk () gmail com] 
Sent: Thursday, October 07, 2004 8:31 AM
To: webappsec () securityfocus com
Subject: Of the three expensive vulnerability scanners



I am trying to decide which of the three, supposedly "grade A" application
vulnerability scanners suits our needs the best. I am looking at :

1. AppScan
2. Scando
3. WebInspect

(are there others I should be looking at ? )

Obviously, each claims to be the best. That's why I look to you folks to
help me out here. I would appreciate it if members of the list would share
with me their experiences with the tools I listed above. Specifically around
what their weaknesses, strengths, gotchas, etc are.

Personally I have been using Atstake's WebProxy and I am not impressed with
it at all.

Thank you.