Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Of the three expensive vulnerability scanners

from [Don Tuer] Network Security [Permanent Link]
Subject: RE: Of the three expensive vulnerability scanners
Date: Fri, 8 Oct 2004 09:26:45 -0400 
Excellent paper, should be mandatory reading for all developers! Thanks.

-----Original Message-----
From: Joe Basirico [mailto:jbasirico@sisecure.com] 
Sent: Thursday, October 07, 2004 9:09 PM
To: managingrisk@gmail.com; webappsec@securityfocus.com
Subject: RE: Of the three expensive vulnerability scanners

I recently wrote a security report on vulnerability scanners that you
might
want to check out. I reviewed 25 scanners that might help you make a
decision. In my report I talk about what scanners do and how they do it,
then in the Tool review (last page) each tool is individually reviewed
with
an overview, strengths, weaknesses, price and some other criteria. This
Security Report was intended for the audience to decide which tools
hackers
are learning to help compromise your servers.

This is normally a subscription only report but it's free until November
30th.

http://www.securityinnovation.com/security-report/vulnScanners1.htm

Thank you,
Joe Basirico
SECURITYINNOVATION - Software Security Engineer
http://www.securityinnovation.com
jbasirico@sisecure.com
206-227-6458

 -----Original Message-----
From: managingrisk@gmail.com [mailto:managingrisk@gmail.com] 
Sent: Thursday, October 07, 2004 8:31 AM
To: webappsec@securityfocus.com
Subject: Of the three expensive vulnerability scanners



I am trying to decide which of the three, supposedly "grade A"
application
vulnerability scanners suits our needs the best. I am looking at :

1. AppScan
2. Scando
3. WebInspect

(are there others I should be looking at ? )

Obviously, each claims to be the best. That's why I look to you folks to
help me out here. I would appreciate it if members of the list would
share
with me their experiences with the tools I listed above. Specifically
around
what their weaknesses, strengths, gotchas, etc are.

Personally I have been using Atstake's WebProxy and I am not impressed
with
it at all.

Thank you.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  ASP vs. ASP.NET, Bénoni MARTIN
Next by Date:  Re: Web Forms filtered with SQL constraints, Saphyr
Previous by Thread:  RE: Of the three expensive vulnerability scanners, Joe Basirico
Next by Thread:  Re: Of the three expensive vulnerability scanners, Cesar
Indexes:  [Date] [Thread] [Top] [All Lists]