[Owasp-boston] Web application security scanner recommendation

Roy Wattanasin roywatt at acm.org
Thu Oct 9 16:58:54 UTC 2014


Hi All:

Depending on what you're looking for, I've had previous positive
experiences with IBM AppScan, HP Fortify (previously called WebInspect) and
Veracode. There's more today though to test as well.

Roy

On Thu, Oct 9, 2014 at 11:13 AM, Bernie Mamorbor <Bernie.Mamorbor at sas.com>
wrote:

>  I have executed AppScan Enterprise against our solutions with good
> results.
>
>
>
> Dennis, we would all like to hear your results.
>
>
>
> Thanks,
>
> Bernie
>
>
>
> *From:* owasp-boston-bounces at lists.owasp.org [mailto:
> owasp-boston-bounces at lists.owasp.org] *On Behalf Of *George Ehrhorn
> *Sent:* Thursday, October 09, 2014 8:18 AM
> *To:* d.antunes at comcast.net; mario.desousa at coderedinc.com
>
> *Cc:* Owasp-boston at lists.owasp.org
> *Subject:* Re: [Owasp-boston] Web application security scanner
> recommendation
>
>
>
> We have had very good results with IBM App Scan. At a previous company we
> had very good results with HP WebInspect.
>
>
> Dennis, I think the list would benefit from hearing your results.
>
>
>
>
>
> *From:* owasp-boston-bounces at lists.owasp.org [
> mailto:owasp-boston-bounces at lists.owasp.org
> <owasp-boston-bounces at lists.owasp.org>] *On Behalf Of *
> d.antunes at comcast.net
> *Sent:* Wednesday, October 08, 2014 20:54
> *To:* mario.desousa at coderedinc.com
> *Cc:* Owasp-boston at lists.owasp.org
> *Subject:* Re: [Owasp-boston] Web application security scanner
> recommendation
>
>
>
> I just did a substantial bakeoff. It really depends on your requirements
> though.
>
> See Shay Chen's http://sectooladdict.blogspot.com for extensive analysis
> and try to align your needs.
>
> Email me off list if you'd like to hear my results.
>
> Dennis
>
>
> Sent from XFINITY Connect Mobile App
> -----Original Message-----
>
> From: mario.desousa at coderedinc.com
> To: jikbal at gmail.com
> Cc: Owasp-boston at lists.owasp.org
> Sent: 2014-10-08 18:26:43 GMT
> Subject: Re: [Owasp-boston] Web application security scanner recommendation
>
> I had a good experience with WhiteHat last year. It's a SaaS product...
> Easy to set up and thorough. They have a service that also includes human
> review of the application to find security issues that are in the business
> logic.
>
> Sent from my iPhone
>
> > On Oct 8, 2014, at 5:26 PM, "Javed Ikbal" wrote:
> >
> > I am in the market for a web application scanner.
> >
> > I have experience with AppScan, WebInspect and Acunetix, although with
> > older versions.
> >
> > I am not looking for a service like Qualys or Whitehat at this time.
> >
> > Any comments about these and anything else out there?
> >
> > If you recommend a product, please share why you like it.
> >
> > [ I am happy to receive comments from salespeople pushing their own
> > product, but in that case please email me directly instead of the list
> > ]
> >
> > Thanks in advance.
> >
> > Javed
> > _______________________________________________
> > Owasp-boston mailing list
> > Owasp-boston at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-boston