<div dir="ltr"><div>Hi All:<br><br></div>Dependent on what you're looking for, I've had previous positive experiences with IBM AppScan, HP Fortify (previously called WebInspect) and Veracode. There's more today though to test as well.<br><br>Roy<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 9, 2014 at 11:13 AM, Bernie Mamorbor <span dir="ltr">&lt;<a href="mailto:Bernie.Mamorbor@sas.com" target="_blank">Bernie.Mamorbor@sas.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="#0563C1" vlink="#954F72" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I have executed AppScan Enterprise against our solutions with good results.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Dennis, we would all like to hear your results.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks,</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Bernie</span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <a href="mailto:owasp-boston-bounces@lists.owasp.org" target="_blank">owasp-boston-bounces@lists.owasp.org</a> [mailto:<a href="mailto:owasp-boston-bounces@lists.owasp.org" target="_blank">owasp-boston-bounces@lists.owasp.org</a>]
<b>On Behalf Of </b>George Ehrhorn<br>
<b>Sent:</b> Thursday, October 09, 2014 8:18 AM<br>
<b>To:</b> <a href="mailto:d.antunes@comcast.net" target="_blank">d.antunes@comcast.net</a>; <a href="mailto:mario.desousa@coderedinc.com" target="_blank">mario.desousa@coderedinc.com</a></span></p><div><div class="h5"><br>
<b>Cc:</b> <a href="mailto:Owasp-boston@lists.owasp.org" target="_blank">Owasp-boston@lists.owasp.org</a><br>
<b>Subject:</b> Re: [Owasp-boston] Web application security scanner recommendation</div></div><p></p>
</div>
</div><div><div class="h5">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">We have had very good results with IBM AppScan. At a previous company we had very good results with HP WebInspect.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Dennis, I think the list would benefit from hearing your results.</span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
<a href="mailto:owasp-boston-bounces@lists.owasp.org" target="_blank">owasp-boston-bounces@lists.owasp.org</a> [<a href="mailto:owasp-boston-bounces@lists.owasp.org" target="_blank">mailto:owasp-boston-bounces@lists.owasp.org</a>]
<b>On Behalf Of </b><a href="mailto:d.antunes@comcast.net" target="_blank">d.antunes@comcast.net</a><br>
<b>Sent:</b> Wednesday, October 08, 2014 20:54<br>
<b>To:</b> <a href="mailto:mario.desousa@coderedinc.com" target="_blank">mario.desousa@coderedinc.com</a><br>
<b>Cc:</b> <a href="mailto:Owasp-boston@lists.owasp.org" target="_blank">Owasp-boston@lists.owasp.org</a><br>
<b>Subject:</b> Re: [Owasp-boston] Web application security scanner recommendation</span></p>
<p class="MsoNormal">I just did a substantial bakeoff. It really depends on your requirements though.<br>
<br>
See Shay Chen's <a href="http://sectooladdict.blogspot.com" target="_blank">http://sectooladdict.blogspot.com</a> for extensive analysis and try to align your needs.<br>
<br>
Email me off list if you'd like to hear my results. <br>
<br>
Dennis<br>
<br>
<br>
-----Original Message-----<br>
<br>
From: <a href="mailto:mario.desousa@coderedinc.com" target="_blank">mario.desousa@coderedinc.com</a><br>
To: <a href="mailto:jikbal@gmail.com" target="_blank">jikbal@gmail.com</a><br>
Cc: <a href="mailto:Owasp-boston@lists.owasp.org" target="_blank">Owasp-boston@lists.owasp.org</a><br>
Sent: 2014-10-08 18:26:43 GMT<br>
Subject: Re: [Owasp-boston] Web application security scanner recommendation<br>
<br>
I had a good experience with WhiteHat last year. It's a SaaS product... Easy to set up and thorough. They have a service that also includes human review of the application to find security issues that are in the business logic.<br>
<br>
> On Oct 8, 2014, at 5:26 PM, "Javed Ikbal" wrote:<br>
> <br>
> I am in the market for a web application scanner.<br>
> <br>
> I have experience with AppScan, WebInspect and Acunetix, although with<br>
> older versions.<br>
> <br>
> I am not looking for a service like Qualys or Whitehat at this time.<br>
> <br>
> Any comments about these and anything else out there?<br>
> <br>
> If you recommend a product, please share why you like it.<br>
> <br>
> [ I am happy to receive comments from salespeople pushing their own<br>
> product, but in that case please email me directly instead of the list<br>
> ]<br>
> <br>
> Thanks in advance.<br>
> <br>
> Javed<br>
> _______________________________________________<br>
> Owasp-boston mailing list<br>
> <a href="mailto:Owasp-boston@lists.owasp.org" target="_blank">Owasp-boston@lists.owasp.org</a><br>
> <a href="https://lists.owasp.org/mailman/listinfo/owasp-boston" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-boston</a><br>
</p>
</div></div></div>
</div>

<br></blockquote></div><br></div>