[Owasp-bostonfinancialdist] [Owasp-boston] anyone using or evaling web app vulnerability scanner?

Jonathan Cran jcran at 0x0e.org
Mon Nov 2 14:38:24 EST 2009


Jim,

You may want to take a look at the recently released Web Application
Security Scanner Evaluation Criteria (WASSEC) - more than a mouthful,
it's quite handy if you're evaluating scanners.

jcran

Jonathan Cran
jcran at 0x0e.org / jcran at rapid7.com


On Mon, Nov 2, 2009 at 8:23 AM, Scott Matsumoto <smatsumoto at cigital.com> wrote:
> James,
>
> Cigital also offer black-box and (coming soon) white-box outsourcing.  Send me a private email if you're interested.
> ________________________________
> From: owasp-boston-bounces at lists.owasp.org [owasp-boston-bounces at lists.owasp.org] On Behalf Of james at architectbook.com [james at architectbook.com]
> Sent: Monday, November 02, 2009 8:15 AM
> To: Weiler,Jim
> Cc: owasp-boston at lists.owasp.org; owasp-bostonfinancialdist at lists.owasp.org
> Subject: Re: [Owasp-boston] anyone using or evaling web app vulnerability scanner?
>
> We currently own both WebInspect and Appscan. Due to lack of resources, we are looking to outsource scanning and evaluating Whitehat and Redspin.
>
> Will send you some free times to chat...
> -------- Original Message --------
> Subject: [Owasp-boston] anyone using or evaling web app vulnerability
> scanner?
> From: "Weiler, Jim" <Jim.Weiler at starwoodhotels.com>
> Date: Mon, November 02, 2009 7:23 am
> To: <owasp-boston at lists.owasp.org>,
> <owasp-bostonfinancialdist at lists.owasp.org>
>
> I'm doing an evaluation of web app vulnerability scanners and have used one before - I'd like to have an offline conversation to share information and experiences with anybody else using or evaluating this type of tool.
>
> Thanks, Jim
>
> Jim Weiler   CISSP  CSSLP
> Starwood Hotels and Resorts
> Sr. Mgr. Information Security Risk Assessment
> Office - 781 356 0067
> Cell - 781 654 6048
>
> ________________________________
> _______________________________________________
> Owasp-boston mailing list
> Owasp-boston at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-boston
>

