WebApp Sec mailing list archives
RE: Top webapp pentesting vendors?
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Wed, 9 Apr 2008 11:30:25 -0700
I'll keep this to vendors since I don't want to pimp my own company for the consulting portion of the question (trying to keep this advice neutral... but if you want to contact me off-list we kick ass in this area. Just sayin'... *grin*)

I've used SPI Dynamics' WebInspect many times in the past both as an engagement-based license and as an annual purchase customer and can attest that the product is top notch. SPI was bought by HP so it's HP WebInspect now.

Watchfire's AppScan is also an excellent product. With the newest release you have the ability to use external modules/apps for various call-out purposes or data dumps so it provides a fairly nice framework workspace with a lot of flexibility and extension. I don't have as much hands-on with their newest as WebInspect but they have consistently been solid.

Others have mentioned vendors to look into but you have to realize that without some in-house expertise to get the best ROI and performance from these tools you're only going to catch the low-hanging fruit. If your application environment is very complex automated tools will only get you so far and will miss a lot. If these are major concerns then you may be better off going with a services solution provider that specializes in the area.

You don't specify if this is compliance driven which is another factor to consider. Some consulting shops will provide great results from a vulnerability assessment viewpoint but may not be able to adequately address compliance or auditing concerns.

Hope you find the info you are looking for,

--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
amoeba () amoebazone com
"Do Not Taunt Happy-Fun Ball"

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of David Barnett
Sent: Tuesday, April 08, 2008 7:09 PM
To: webappsec () securityfocus com; billbrietstout () yahoo com
Subject: Re: Top webapp pentesting vendors?

I would not consider Trustwave for any web application testing. They are a PCI shop. I highly recommend WhiteHat. Everyone there really knows this area. Also, Spidynamics, or even Cybertrust,

On Mon, Apr 7, 2008 at 10:36 PM, Clint P. Garrison <garrison.clint () gmail com> wrote:

I would look at Trustwave. They specialize in e-commerce web applications security, including pen-testing and code reviews.

https://www.trustwave.com

Send me your contact information and I can get you in touch with the right people to answer any questions you may have.

Clint P. Garrison
MBA, MS, CISSP, QSA

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Bill Stout
Sent: Monday, April 07, 2008 6:56 PM
To: webappsec () securityfocus com
Subject: Top webapp pentesting vendors?

Hello All,

I'm not sure if this is an appropriate question for the list, but who are the top consulting companies or vendors for webapp security? Specifically, I'm searching for consulting orgs that can audit a complex web site with some ecommerce functions.

Thanks,
Bill Stout

-------------------------------------------------------------------------
Sponsored by: Watchfire

Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------