On May 5th, I posted the URL for a comparison report on web app security
scanners
to this list:
http://fhgonline.fraunhofer.de/server?suche-publica&num=048.06/D&iese
Here is what I wrote about the contents of the report at that time:
"As I had mentioned in another posting to this list some time ago,
a few months ago I completed a fairly extensive review of various
tools: AppScan, WebInspect, Acunetix, (note AppScan and WebInspect
have produced new versions since then), Burp, WebScarab, Spike Proxy,
and some minor remarks on a few other tools. I used two applications as
benchmarks: WebGoat and a proprietary application in production use.
The report totals to about 170 pages."
However, at that time in May, there was no English translation of the
German
original, which many people have asked for meanwhile. Yesterday, I was
surprised to hear that Cenzic Inc. have had the report translated. So
here is
the English version now, a bit rough on the edges, but you will
certainly
get the picture:
http://www.iese.fraunhofer.de/download/Security-Checker-Tools-for-Web-Ap
plications.pdf
(that link will be valid for four weeks from today).
My thanks go to Cenzic for this contribution to the community.
Kind regards,
Holger Peine
--
Dr. Holger Peine, Security and Safety
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany
Phone +49-631-6800-2134, Fax -1899 (shared)
PGP key via http://pgp.mit.edu ; fingerprint is 1BFA 30CB E3ED BA99 E7AE
2BBB C126 A592 48EA F9F8
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire was recently named the worldwide market leader in Web
application security assessment tools by both Gartner and IDC.
Download a free trial of AppScan today and see why more customers choose
AppScan then any other solution. Try it today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------
