Re: Which Commercial Web App Scanner?

From: bugtraq@xxxxxxxxxxxxxxx
Date: Tue, 13 Oct 2009 14:46:32 -0400 (EDT)

I would suggest identifying what you need before selecting a product.
The Web Application Security Consortium has just published a guide on how to do exactly this
at http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria .

Regards,
- Robert
http://www.cgisecurity.com/
http://www.webappsec.org/
http://www.qasec.com/

Folks=2C

I've read the threads=2C last one about 5 months ago...

http://seclists.org/webappsec/2009/q2/68

and whilst very helpful=2C I'm still in a quandry.

AppScan is expensive=2C so assuming that leaves WebInspect and Acunetix whi=
ch one would you personally choose?

I've done a very small amount of evaluation - I like the initial feel of
Acunetix (and it includes GHDB checks - however is that really
needed?)=2C but my head is saying WebInspect.=A0 I've seen people recommend
both.

If you were to make a final decision=2C which would you buy between Acuneti=
x and WebInspect (to be used in conjunction with open source tools) - based=
purely on the usability=2C functionality and efficiency of the product=2C =
not the aftersales support?

Many thanks. =0A=
_________________________________________________________________=0A=
Use Hotmail to send and receive mail from your different email accounts.=0A=
http://clk.atdmt.com/UKM/go/167688463/direct/01/=

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

References:
- Which Commercial Web App Scanner?
  - From: Norma Snockers

Prev by Date: Re: Penetration Testing Literature
Next by Date: RE: Which Commercial Web App Scanner?
Previous by thread: Which Commercial Web App Scanner?
Next by thread: RE: Which Commercial Web App Scanner?
Index(es):
- Date
- Thread

Relevant Pages

Re: OSCP ?
... I like to say that the OSCP training is like a set of carpenter tools. ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
(Pen-Test)
Re: OSCP ?
... Also IMHO if they exam was like the material then where is the challenge? ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
(Pen-Test)
Re: Software to Correlate traffic from various devices
... Information Assurance Certification Review ... IACRB CPT and CEPT certs require ... a full practical examination in order to become certified. ...
(Pen-Test)
Re: Software to Correlate traffic from various devices
... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
(Pen-Test)
Re: OSCP ?
... exploits and practice other chapters covered in the course. ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
(Pen-Test)