Recommendation for web app scanner


Recommendation for web app scanner

by Joe S-3


I need a new web app scanner with features similar to Acunetix for
around the same price.

We've been using Acunetix for a few years, but they won't return my
calls (is 3 enough?) to renew, so I'm moving on.

I'm not experienced enough to do my own assessment by hand.

I can't afford web app services like White Hat.

Any help would be appreciated.



Re: Recommendation for web app scanner

by Matias.txt


Hi Joe, I have been using Acunetix for a long time and I can say it is a
good option to work with, but in the last year I have worked with w3af too
and I can say w3af rulez! :D It is really a VERY good program, seriously,
and FREE.

bye.

Matias


On Wed, May 20, 2009 at 3:51 PM, Joe S <js.lists@...> wrote:

> I need a new web app scanner with features similar to Acunetix for
> around the same price.
>
> We've been using Acunetix for a few years, but they won't return my
> calls (is 3 enough?) to renew, so I'm moving on.
>
> I'm not experienced enough to do my own assessment by hand.
>
> I can't afford web app services like White Hat.
>
> Any help would be appreciated.
>
>
>



--
-----------------------------------------------------------
-----------------------------------------------------------
Matias N. Sliafertas



Re: Recommendation for web app scanner

by Rory McCune-2


Hi,

Depending on what you're looking for, Burp Suite Professional may be
worth a look (www.portswigger.net). The current version has a scanner
which will find some of the same classes of vulnerability as
Acunetix... Outside of that, AFAIK most of the web app scanners
(AppScan, Hailstorm, WebInspect) are quite a bit more expensive than
Acunetix....

HTH

Rory

Sent from my iPhone

On 20 May 2009, at 19:51, Joe S <js.lists@...> wrote:

> I need a new web app scanner with features similar to Acunetix for
> around the same price.
>
> We've been using Acunetix for a few years, but they won't return my
> calls (is 3 enough?) to renew, so I'm moving on.
>
> I'm not experienced enough to do my own assessment by hand.
>
> I can't afford web app services like White Hat.
>
> Any help would be appreciated.
>
>



RE: Recommendation for web app scanner

by SecLists Ertech Systems


Hi Joe,

Sandcat Professional by Syhunt (www.syhunt.com) is a great web app scanner.

Best regards,

Renato Andalik

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of Joe S
Sent: Wednesday, May 20, 2009 3:52 PM
To: webappsec@...
Subject: Recommendation for web app scanner

I need a new web app scanner with features similar to Acunetix for
around the same price.

We've been using Acunetix for a few years, but they won't return my
calls (is 3 enough?) to renew, so I'm moving on.

I'm not experienced enough to do my own assessment by hand.

I can't afford web app services like White Hat.

Any help would be appreciated.
Re: Recommendation for web app scanner

by mittalu


You can go for the IBM Rational AppScan.

And I have heard some good reviews about the NT Objectives scanner also.

Regards

utsav

Quoting Joe S <js.lists@...>:

> I need a new web app scanner with features similar to Acunetix for
> around the same price.
>
> We've been using Acunetix for a few years, but they won't return my
> calls (is 3 enough?) to renew, so I'm moving on.
>
> I'm not experienced enough to do my own assessment by hand.
>
> I can't afford web app services like White Hat.
>
> Any help would be appreciated.
>
>
>
RE: Recommendation for web app scanner

by Randal T. Rioux


Watchfire (AppScan) was great until IBM bought them (the Symantec syndrome...). WebInspect was great until HP bought them (HP just sucks all around). It's a tough market for management-friendly, report-generating web app scanners.

NIST keeps a nice list:

http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html

I tested Hailstorm once, it didn't perform as well as I hoped for the asking price. Good luck!

Randy

>I need a new web app scanner with features similar to Acunetix for
>around the same price.
>
>We've been using Acunetix for a few years, but they won't return my
>calls (is 3 enough?) to renew, so I'm moving on.
>
>I'm not experienced enough to do my own assessment by hand.
>
>I can't afford web app services like White Hat.
>
>Any help would be appreciated.
>
>



RE: Recommendation for web app scanner

by Brian Shura


I would suggest trying out a number of these tools to see which one best
meets your needs.  For the commercial scanners, it's easy to get a 2-week
evaluation license from the vendors if you want to see the capabilities of
the tool before making a purchase decision.  

The Web Application Scanner Evaluation Criteria (WASSEC) from WASC provides
a list of scanner capabilities that should be taken into consideration and
advice for conducting an evaluation.  I expect that we'll be releasing
Version 1 of the WASSEC within the next month, but at this point the draft
document is almost complete and is already being used to help "raise the
bar" for web application scanning tools.  This document can be found here:  

http://sites.google.com/site/wassec/final-draft

I would also suggest taking vague comments like "AppScan and WebInspect suck
now because they were bought by IBM and HP" with a grain of salt.  Give the
tools a try and decide for yourself whether or not they work for you.  If
there are things that you don't like about a particular tool or think need
to be improved, tell the vendor or developer and be as specific as possible.
If you're right and they care, it will lead to improvements in the tool.

Thanks,
Brian

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of Randal T. Rioux
Sent: Friday, May 22, 2009 1:06 PM
To: webappsec@...; js.lists@...
Subject: RE: Recommendation for web app scanner

Watchfire (AppScan) was great until IBM bought them (the Symantec
syndrome...).  WebInspect was great until HP bought them (HP just sucks all
around). It's a tough market for management friendly report generating Web
app scanners.

NIST keeps a nice list:

http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html

I tested Hailstorm once, it didn't perform as well as I hoped for the asking
price. Good luck!

Randy

>I need a new web app scanner with features similar to Acunetix for
>around the same price.
>
>We've been using Acunetix for a few years, but they won't return my
>calls (is 3 enough?) to renew, so I'm moving on.
>
>I'm not experienced enough to do my own assessment by hand.
>
>I can't afford web app services like White Hat.
>
>Any help would be appreciated.
>
>
Re: Recommendation for web app scanner

by Eric Marden


I assume you're already using the free tools, like those contained on
the AppSecLive.org live CD?


Eric Marden
xentek: enlightened internet solutions
http://xentek.net/

On May 22, 2009, at 4:05 PM, Randal T. Rioux wrote:

> Watchfire (AppScan) was great until IBM bought them (the Symantec  
> syndrome...).  WebInspect was great until HP bought them (HP just  
> sucks all around). It's a tough market for management friendly  
> report generating Web app scanners.
>
> NIST keeps a nice list:
>
> http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html
>
> I tested Hailstorm once, it didn't perform as well as I hoped for  
> the asking price. Good luck!
>
> Randy
>
>> I need a new web app scanner with features similar to Acunetix for
>> around the same price.
>>
>> We've been using Acunetix for a few years, but they won't return my
>> calls (is 3 enough?) to renew, so I'm moving on.
>>
>> I'm not experienced enough to do my own assessment by hand.
>>
>> I can't afford web app services like White Hat.
>>
>> Any help would be appreciated.
>>
>>
>
>
Re: Recommendation for web app scanner

by Randal T. Rioux


I agree that folks should try the products for themselves. Also, I
didn't say why HP and IBM smudged the software. I guess I need to be
clearer, as I've worked with them both extensively, both before and
after the mergers.

Basically, they bought the products and gave up. The customer support
disappeared and the quality diminished. This happens a lot when a large
company buys the smaller, more specialized ones. It isn't specific to
all large companies, but it is very prolific with some.

That being said, any company that charges more than a few thousand
dollars for their product will work with you extensively to sell you
that product. Just don't trust their words on post-sale support. Check
with others (as you did) both on lists and off to measure satisfaction.

Randy


Brian Shura wrote:

> I would suggest trying out a number of these tools to see which one best
> meets your needs.  For the commercial scanners, it's easy to get a 2-week
> evaluation license from the vendors if you want to see the capabilities of
> the tool before making a purchase decision.  
>
> The Web Application Scanner Evaluation Criteria (WASSEC) from WASC provides
> a list of scanner capabilities that should be taken into consideration and
> advice for conducting an evaluation.  I expect that we'll be releasing
> Version 1 of the WASSEC within the next month, but at this point the draft
> document is almost complete and is already being used to help "raise the
> bar" for web application scanning tools.  This document can be found here:  
>
> http://sites.google.com/site/wassec/final-draft
>
> I would also suggest taking vague comments like "AppScan and WebInspect suck
> now because they were bought by IBM and HP" with a grain of salt.  Give the
> tools a try and decide for yourself whether or not they work for you.  If
> there are things that you don't like about a particular tool or think need
> to be improved, tell the vendor or developer and be as specific as possible.
> If you're right and they care, it will lead to improvements in the tool.
>
> Thanks,
> Brian
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...] On
> Behalf Of Randal T. Rioux
> Sent: Friday, May 22, 2009 1:06 PM
> To: webappsec@...; js.lists@...
> Subject: RE: Recommendation for web app scanner
>
> Watchfire (AppScan) was great until IBM bought them (the Symantec
> syndrome...).  WebInspect was great until HP bought them (HP just sucks all
> around). It's a tough market for management friendly report generating Web
> app scanners.
>
> NIST keeps a nice list:
>
> http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html
>
> I tested Hailstorm once, it didn't perform as well as I hoped for the asking
> price. Good luck!
>
> Randy
>
>> I need a new web app scanner with features similar to Acunetix for
>> around the same price.
>>
>> We've been using Acunetix for a few years, but they won't return my
>> calls (is 3 enough?) to renew, so I'm moving on.
>>
>> I'm not experienced enough to do my own assessment by hand.
>>
>> I can't afford web app services like White Hat.
>>
>> Any help would be appreciated.
>>
>>
>
>