RE: Spi's products worth a try? Or any suggestions for developer s' tool?

[Jeff Robertson <jeff.robertson () digitalinsight com>]

I would suggest that what will reduce the testers' time is teaching the
developers to code securely. I know that sounds like a tautology, but
they're going to have to know it anyway if you expect them to make sense of
what they get out of a scan.

In any case, I would think that source code analysis would be the most
useful tool for developers. Developers think in terms of code, and you
aren't going to change that. Hit them where they live.

Sorry, I can't recommend any ;-)

Jeff Robertson
Manager of Web Application Security
Digital Insight


> -----Original Message-----
> From: Aman Raheja [mailto:araheja () techquotes com]
> Sent: Friday, November 04, 2005 12:40
> To: webappsec () securityfocus com
> Subject: Spi's products worth a try? Or any suggestions for 
> developers'
> tool? 
>
>
> Hello
> Anyone has any experiance with Spi's tools for web application 
> vulnerability scanning?
> http://www.spidynamics.com/products/index.html
> I need to suggest developers' tool so that they can self assess their 
> application and reduce the overhead of the testing team.
> Any advice?
> Thanks in advance.
> Regards
> Aman Raheja
>
> http://www.techquotes.com