WebApp Sec mailing list archives
RE: Of the three expensive vulnerability scanners
From: "Don Tuer" <don.tuer () cgi com>
Date: Fri, 8 Oct 2004 09:26:45 -0400
Excellent paper, should be mandatory reading for all developers! Thanks. -----Original Message----- From: Joe Basirico [mailto:jbasirico () sisecure com] Sent: Thursday, October 07, 2004 9:09 PM To: managingrisk () gmail com; webappsec () securityfocus com Subject: RE: Of the three expensive vulnerability scanners I recently wrote a security report on vulnerability scanners that you might want to check out. I reviewed 25 scanners that might help you make a decision. In my report I talk about what scanners do and how they do it, then in the Tool review (last page) each tool is individually reviewed with an overview, strengths, weaknesses, price and some other criteria. This Security Report was intended for the audience to decide which tools hackers are learning to help compromise your servers. This is normally a subscription only report but it's free until November 30th. http://www.securityinnovation.com/security-report/vulnScanners1.htm Thank you, Joe Basirico SECURITYINNOVATION - Software Security Engineer http://www.securityinnovation.com jbasirico () sisecure com 206-227-6458 -----Original Message----- From: managingrisk () gmail com [mailto:managingrisk () gmail com] Sent: Thursday, October 07, 2004 8:31 AM To: webappsec () securityfocus com Subject: Of the three expensive vulnerability scanners I am trying to decide which of the three, supposedly "grade A" application vulnerability scanners suits our needs the best. I am looking at : 1. AppScan 2. Scando 3. WebInspect (are there others I should be looking at ? ) Obviously, each claims to be the best. That's why I look to you folks to help me out here. I would appreciate it if members of the list would share with me their experiences with the tools I listed above. Specifically around what their weaknesses, strengths, gotchas, etc are. Personally I have been using Atstake's WebProxy and I am not impressed with it at all. Thank you.
Current thread:
- Of the three expensive vulnerability scanners managingrisk (Oct 07)
- RE: Of the three expensive vulnerability scanners Joe Basirico (Oct 07)
- RE: Of the three expensive vulnerability scanners Don Tuer (Oct 09)
- Re: Of the three expensive vulnerability scanners Mark W. Webb (Nov 29)
- RE: Of the three expensive vulnerability scanners Tommy (Nov 30)
- Re: Of the three expensive vulnerability scanners Cesar (Oct 09)
- <Possible follow-ups>
- Re: Of the three expensive vulnerability scanners Tom Stracener (Oct 12)
- Re: Of the three expensive vulnerability scanners Jim+Lisa Weiler (Nov 14)
- Re: Of the three expensive vulnerability scanners Daniel (Nov 15)
- Re: Of the three expensive vulnerability scanners Jeremiah Grossman (Nov 15)
- Re: Of the three expensive vulnerability scanners Jim+Lisa Weiler (Nov 14)
- Re: Of the three expensive vulnerability scanners Tom Stracener (Nov 16)
- Re: Of the three expensive vulnerability scanners ban.marketing.bs (Nov 20)
- Re: Of the three expensive vulnerability scanners Adam Shostack (Nov 22)
(Thread continues...)
- RE: Of the three expensive vulnerability scanners Joe Basirico (Oct 07)