[Owasp-dotnet] [Fwd: SPI Dynamics Wins Secure Enterprise Testers Choice]
Dinis Cruz
dinis at ddplus.net
Tue Sep 13 03:00:19 EDT 2005
Once again, more references to Spy Dynamics use of the Owasp Top 10!
I think it is time for us to ask Spy Dynamic how they use the Owasp Top
10 in their product, what claims are they making and how exactly they
are testing this.
Is anybody out there with some spare cycles that could write this
'official' letter from Owasp to Spy Dynamics?
I am also quite interested in knowing more information about the actual
results (since this article almost doesn't talk about it, it mainly
talks about the functionality of these tools, not its effectiveness in
detecting vulnerabilities)
Dinis Cruz
Owasp .Net Project Leader
Daniel Cuthbert wrote:
> Loads
>
> The reason it works is that it has loads of shiny buttons and the
> marketing department claims it to be the best
> They only let you test it on their vulnerable web site, but anyone
> with a small sense can guess its been designed to "find" all those holes
>
> Easy tip for anyone wanting to totally stuff the automated scanners:
> Make Apache/IIS return 200 OK's for EVERY request. This will make it
> light up like a christmas tree for vulnerabilities found
>
>
> On 12 Sep 2005, at 21:44, Dinis Cruz wrote:
>
>> Any comments?
>>
>> *From: *SPI Dynamics <news at spidynamics.com <mailto:news at spidynamics.com>>
>> *Date: *12 September 2005 20:30:48 BDT
>> *To: *dinis at ddplus.net <mailto:dinis at ddplus.net>
>> *Subject: **SPI Dynamics Wins Secure Enterprise Testers Choice*
>> *Reply-To: *news at spidynamics.com <mailto:news at spidynamics.com>
>>
>>
>>
>> SPI Dynamics and Microsoft
>> Webcast: The Hacker Evolution: New Trends in Application
>> Vulnerabilities and Exploits
>>
>> *
>> <http://sdm3.rm04.net/ctt?kn=3&m=396643&r=MTYwNjMwNzA1NAS2&b=0&j=Nzc2MzQxMwS2&mt=1>*
>>
>> **
>>
>> Secure Enterprise Magazine chose SPI Dynamics WebInspect 5.5 as the
>> Testers Choice product in a recent Web Application vulnerability
>> scanner product review. Read the entire Secure Enterprise review at:
>> http://www.spidynamics.com/assets/documents/SecureEnterprise_WI5.5_review.pdf
>> <http://sdm3.rm04.net/ctt?kn=6&m=396643&r=MTYwNjMwNzA1NAS2&b=0&j=Nzc2MzQxMwS2&mt=1>
>>
>>
>> *
>> <http://sdm3.rm04.net/ctt?kn=5&m=396643&r=MTYwNjMwNzA1NAS2&b=0&j=Nzc2MzQxMwS2&mt=1>**
>> To test your Web Application, download our complimentary 15-day
>> product trial that delivers a comprehensive vulnerability report.
>> *
>>
>>
>> WebInspect Enterprise Edition 5.5. delivers a complete enterprise
>> solution for addressing security throughout the application lifecycle.
>> Learn More>>>
>> <http://sdm3.rm04.net/ctt?kn=2&m=396643&r=MTYwNjMwNzA1NAS2&b=0&j=Nzc2MzQxMwS2&mt=1>
>>
>> *SPI Dynamics, Inc.
>> *115 Perimeter Center Pl. NE.
>> Suite 1100
>> Atlanta GA 30346
>> 678.781.4800
>> sales at spidynamics.com <mailto:sales at spidynamics.com>
>> Toll-Free: 1.866.SPI.2700 (1.866.774.2700) www.spidynamics.com
>> <http://www.spidynamics.com/>
>>
>>
>>
>> Please Remove Me From This Mailing
>> <http://sdm3.rm04.net/ui/modules/display/optOut.jsp?&m=396643&r=MTYwNjMwNzA1NAS2&j=Nzc2MzQxMwS2&mt=1>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-dotnet/attachments/20050913/4e95939f/attachment.html
More information about the Owasp-dotnet
mailing list