RE: FW: Tools comparison and evaluation question (AppScan)

There was a fairly extensive thread on this topic in August if you check
the archives at Security Focus for the subject "Application Assessment"

[Moderator feel free to moderate the following if inappropriate]

My personal experience with WebInspect was chosen by SANS for a What
Works WebCast that aired yesterday.

https://www.sans.org/webcasts/show.php?webcastid=90696 

 
Allen Brokken
Information Security and Account Management - IAT Services - University
of Missouri -brokkena@missouri.edu - (573)884-8708

-----Original Message-----
From: Peter Wood [mailto:peterw@firstbase.co.uk] 
Sent: Friday, February 17, 2006 9:06 AM
To: webappsec@securityfocus.com
Cc: Charles'
Subject: Re: FW: Tools comparison and evaluation question (AppScan)

We use WebInspect on a daily basis too, and have done so since 
version 1.0.  It's an excellent tool with some excellent (and 
constantly improving) utilities.

Pete

At 13:46 17/02/2006 +0000, Xyberpix wrote:
> I use WebInspect pretty much ona  daily basis, and wouldn't trade it
> for anything.
> As far as tools go, it really is a worthwhile addition.
>
> xyberpix
>
> > -----Original Message-----
> > From: Burke, Charles
> > Sent: Friday, February 17, 2006 7:47 AM
> > To: 'Serg Belokamen'
> > Subject: RE: Tools comparison and evaluation question (AppScan)
> >
> > Also, WebInspect is a very good (commercial) tool.  It also includes
> > some invaluable utilities (Sql Injector, etc) that are a step above
> > their open source competitors.
> >
> > -----Original Message-----
> > From: Serg Belokamen [serg.belokamen@gmail.com]
> > Sent: Friday, February 17, 2006 2:04 AM
> > To: webappsec@securityfocus.com
> > Subject: Tools comparison and evaluation question (AppScan)
> >
> >
> > Hi All,
> >
> > I am currently looking at using/evaluating a tool called AppScan (by
> > watchfire.com).
> >
> > So the question is in two parts and ASAP reply would be greatly
> > appreciated.
> >
> > First:
> > Without starting a flame war (hopefully) or marketing campaign
(another
> > hopefully) can any one tell me abut their experience with the
software,
> > what you find useful about it, what not, any annoyances, missing
> > functionality, etc.
> >
> > Second:
> > Can anyone recommend any simular type of software, preferably open
> > source (although not at all essential), and describe its performance,
> > usability and "usefulness" so to speak using AppScan as a reference
> > point.
> >
> >   Thanks,
> >       Serg


--------------------------------------------------------------------
Peter Wood FBCS CITP MIEEE MIMIS CISSP
Chief of Operations
First Base Technologies
Office: +44 (0)1273 454525
Mobile: +44 (0)7774 239915
www.fbtechies.co.uk
www.white-hats.co.uk


------------------------------------------------------------------------
-
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gR
l
------------------------------------------------------------------------
--


-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------