[OWASP-Bangalore] Application security assessment tool?

Bishan Singh c70n3r at gmail.com
Thu Feb 26 13:06:06 EST 2009


Niranjan - I am a great fan of open source security tools, sadly there
aren't comparable tools like Nessus on the application front from the
open source.

Having used AppScan, WebInspect and Acunetix, I would recommend
AppScan for several reasons. I have used these tools over hundreds of
applications over several years. There were times when WebInspect led
the pack. Since a year or so I find AppScan a few steps well ahead of
WebInspect.

I work for IBM, that might give you a feeling of biased opinion. I
recommend you run WebInspect and AppScan evaluation versions at your
end and learn for yourself as to what best meets your requirement.

All the best!

On Thu, Feb 26, 2009 at 10:18 AM, Niranjan Patil
<niranjan.patil at gmail.com> wrote:
> Hi team,
>
> Need your help here.
> I work as an infosec manager and I have a strange request from a dev
> team for an application security assessment tool!
> I know it sounds a little naive, but what they are looking for is
> something in the lines of Nessus but are ok if it’s not comprehensive
> one.
> They did understand when I explained about OWASP guidelines, OWASP top
> ten, SANS/MITRE top 25, webappsec.org, etc. For them, a tool which
> can quickly scan and give out vulnerabilities/ exploits quickly is
> desired.
>
> --
> Regs,
> Niranjan
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>



-- 
GNET, CISSP
http://apps3c.blogspot.com

