Re: Which Commercial Web App Scanner?



I would suggest identifying what you need before selecting a product.
The Web Application Security Consortium has just published a guide on how to do exactly this
at http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria .

Regards,
- Robert
http://www.cgisecurity.com/
http://www.webappsec.org/
http://www.qasec.com/

Folks,

I've read the threads, last one about 5 months ago...

http://seclists.org/webappsec/2009/q2/68

and whilst very helpful, I'm still in a quandary.

AppScan is expensive, so assuming that leaves WebInspect and Acunetix which one would you personally choose?

I've done a very small amount of evaluation - I like the initial feel of
Acunetix (and it includes GHDB checks - however is that really
needed?), but my head is saying WebInspect. I've seen people recommend
both.

If you were to make a final decision, which would you buy between Acunetix and WebInspect (to be used in conjunction with open source tools) - based purely on the usability, functionality and efficiency of the product, not the aftersales support?

Many thanks.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


