WebApp Sec mailing list archives
RE: Tools comparison and evaluation question (AppScan)
From: "Peine,Holger" <Holger.Peine () iese fraunhofer de>
Date: Fri, 17 Feb 2006 08:56:55 +0100
Serge, (and whoever else on this list it may concern),
Without starting a flame war (hopefully) or marketing campaign (another hopefully) can any one tell me abut their experience with the software, what you find useful about it, what not, any annoyances, missing functionality, etc.
A few months ago I completed a fairly extensive review of various tools: AppScan (5.0 - note they offer 6.0 now), WebInspect, Acunetix, Burp, WebScarab, Spike Proxy, and some minor remarks on a few other tools. I used two applications as benchmarks: WebGoat and a commercial proprietary application in production use by the customer that paid this evaluation (sorry, NDA prevents me to say anything more about that). The report totals to about 170 pages. BUT now comes the catch: It's in German. If you can read that, and ideally a few more people demand the same thing, I would go the trouble of clearing any mentionings of our customer from it and getting a publishing permit from them (no idea how long that will take, could be days or months). So, can you read German? Anyone else?
Second: Can anyone recommend any simular type of software, preferably open source (although not at all essential), and describe its performance, usability and "usefulness" so to speak using AppScan as a reference point.
Yes, that's also in that report. Kind regards, Holger Peine -- Dr. Holger Peine, Security and Safety Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany Phone +49-631-6800-2134, Fax -1299 (shared) PGP key via http://pgp.mit.edu ; fingerprint is 1BFA 30CB E3ED BA99 E7AE 2BBB C126 A592 48EA F9F8 ------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- Tools comparison and evaluation question (AppScan) Serg Belokamen (Feb 16)
- RE: Tools comparison and evaluation question (AppScan) arian.evans (Feb 17)
- <Possible follow-ups>
- RE: Tools comparison and evaluation question (AppScan) Peine,Holger (Feb 17)
- Re: Tools comparison and evaluation question (AppScan) Lucien Fransman (Feb 17)
- Re: Tools comparison and evaluation question (AppScan) Serg B. (Feb 17)
- Re: Tools comparison and evaluation question (AppScan) Lucien Fransman (Feb 17)
- FW: Tools comparison and evaluation question (AppScan) Burke, Charles (Feb 17)
- Re: FW: Tools comparison and evaluation question (AppScan) Serg B. (Feb 17)
- RE: Tools comparison and evaluation question (AppScan) Burke, Charles (Feb 17)
- Re: Tools comparison and evaluation question (AppScan) Ratna Kumar (Feb 17)
- RE: Tools comparison and evaluation question (AppScan) Rui Pereira (WCG) (Feb 17)
- Re: FW: Tools comparison and evaluation question (AppScan) Xyberpix (Feb 17)
- Re: FW: Tools comparison and evaluation question (AppScan) Peter Wood (Feb 17)
- RE: FW: Tools comparison and evaluation question (AppScan) David Munge (Feb 17)
- Re: FW: Tools comparison and evaluation question (AppScan) Peter Wood (Feb 17)
(Thread continues...)