Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Tools comparison and evaluation question (AppScan)

from [Peine,Holger] Network Security [Permanent Link]
Subject: RE: Tools comparison and evaluation question (AppScan)
Date: Fri, 17 Feb 2006 08:56:55 +0100 
Serge,
(and whoever else on this list it may concern),


Without starting a flame war (hopefully) or marketing campaign
(another hopefully) can any one tell me abut their experience with the
software, what you find useful about it, what not, any annoyances,
missing functionality, etc.


A few months ago I completed a fairly extensive review of various
tools: AppScan (5.0 - note they offer 6.0 now), WebInspect, Acunetix, 
Burp, WebScarab, Spike Proxy, and some minor remarks on a few other
tools. 
I used two applications as benchmarks: WebGoat and a commercial
proprietary 
application in production use by the customer that paid this evaluation 
(sorry, NDA prevents me to say anything more about that). The report
totals 
to about 170 pages.

BUT now comes the catch: It's in German. If you can read that, and
ideally
a few more people demand the same thing, I would go the trouble of
clearing
any mentionings of our customer from it and getting a publishing permit
from them (no idea how long that will take, could be days or months).

So, can you read German? Anyone else?
 

Second:
Can anyone recommend any simular type of software, preferably open
source (although not at all essential), and describe its performance,
usability and "usefulness" so to speak using AppScan as a reference
point.


Yes, that's also in that report.

Kind regards,
Holger Peine

-- 
Dr. Holger Peine, Security and Safety
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany
Phone +49-631-6800-2134, Fax -1299 (shared)
PGP key via http://pgp.mit.edu ; fingerprint is 1BFA 30CB E3ED BA99 E7AE
2BBB C126 A592 48EA F9F8
  



-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Tools comparison and evaluation question (AppScan), Serg Belokamen
Next by Date:  Re: Tools comparison and evaluation question (AppScan), Lucien Fransman
Previous by Thread:  RE: Tools comparison and evaluation question (AppScan), arian.evans
Next by Thread:  Re: Tools comparison and evaluation question (AppScan), Lucien Fransman
Indexes:  [Date] [Thread] [Top] [All Lists]