[Owasp-delhi] IBM AppSCAN & HP Webinspect comparison

chintan dave davechintan at gmail.com
Tue Mar 2 06:13:13 EST 2010


If I am not wrong, Larry Suto was part of NTO Spider Team.

The following link is also interesting, although it doesn't refer to current
paper, but helps in identifying author :P

http://ha.ckers.org/blog/20080102/larry-sutos-paper-drama/


On Tue, Mar 2, 2010 at 3:28 PM, Srikar Sagi <srikarsagi at yahoo.com> wrote:

> it all boils down to value for money; how many features a tool has for the
> same money how much it compares with other tool(s).
>
> Thanks & Regards,
>
> Srikar Sagi
> 09342-8648-18/0917-66-176-99
>
>
> --- On *Tue, 2/3/10, Iyer, Anantharaman <anantharaman.iyer at capgemini.com>*wrote:
>
>
> From: Iyer, Anantharaman <anantharaman.iyer at capgemini.com>
> Subject: Re: [Owasp-delhi] IBM AppSCAN & HP Webinspect comparison
> To: "owasp-delhi at lists.owasp.org" <owasp-delhi at lists.owasp.org>
> Date: Tuesday, 2 March, 2010, 10:48 AM
>
>
>  I feel every scanner has its pros & cons, so the only way to determine
> the best for your needs are to test it against your applications before
> making a final call. I have been reading reports and reviews by many authors
> and no two reports point out a clear winner.
>
>
>
>  I am attaching one more report published in Feb 2010 on web application
> scanners comparison.
>
>
>
> Gautam, this report will give some reason to re-consider WebInspect and
> consider NTOSpider ;-)
>
>
>
> Regards,
>
>
> Anantharaman Iyer
>
>
>
>
>
> *From:* owasp-delhi-bounces at lists.owasp.org [mailto:
> owasp-delhi-bounces at lists.owasp.org] *On Behalf Of *John, Arun (HP
> Software-as-a-Service)
> *Sent:* Monday, March 01, 2010 9:05 PM
> *To:* Gautam Pagedar; Abir Banerjee
> *Cc:* owasp-delhi at lists.owasp.org
> *Subject:* Re: [Owasp-delhi] IBM AppSCAN & HP Webinspect comparison
>
>
>
> So has HP/SpiDynamics with Assessment Management Platform.
>
> www.hp.com/go/securitysoftware for info on these tools.
>
>
>
> Regards
>
> John
>
>
>
> *From:* owasp-delhi-bounces at lists.owasp.org [mailto:
> owasp-delhi-bounces at lists.owasp.org] *On Behalf Of *Gautam Pagedar
> *Sent:* Monday, March 01, 2010 9:29 AM
> *To:* Abir Banerjee
> *Cc:* owasp-delhi at lists.owasp.org
> *Subject:* Re: [Owasp-delhi] IBM AppSCAN & HP Webinspect comparison
>
>
>
> It great to see the comparison. We are using AppScan for more than 5 years
> now and I somehow feel that it does not give me full control to do
> everything.
>
>
>
> Its of course a good tool for novice starting AppSec. We also use Cenzic
> and it give me some extra features and maybe also a way to compare every
> time I get into a engagement.
>
>
>
> FYI, AppScan has a Enterprise version and its a cool tool for a enterprise
> wise deployment and getting AppSec testing into SDLC.
>
>
>
> Abir,
>
>
>
> Thanks for this report. It gives me a good reason to try WebInspect :-)
>
>
>
> thanks,
>
> Gautam
>
>  ----- Original Message -----
>
> *From:* Abir Banerjee <http://mc/[email protected]>
>
> *To:* manikgupta19 at sqatester.com<http://mc/[email protected]>
>
> *Cc:* owasp-delhi at lists.owasp.org<http://mc/[email protected]>
>
> *Sent:* Saturday, February 27, 2010 7:24 AM
>
> *Subject:* Re: [Owasp-delhi] IBM AppSCAN & HP Webinspect comparison
>
>
>
> Hello Manik,
>
>
>
> Webinspect is much better than Appscan since appscan shows up a lot of
> false positives and the best web vulnerablity canner would be Acunetix WVS +
> Acusensor. Please the comparision file attached.
>
> Regards,
>
>
>
> Abeer Banerjee
>
> +91 9987099708
>   ------------------------------
>
> *From:* Manik Gupta <manikgupta19 at sqatester.com<http://mc/[email protected]>
> >
> *To:* owasp-delhi at lists.owasp.org<http://mc/[email protected]>
> *Sent:* Mon, 22 February, 2010 10:22:14 AM
> *Subject:* [Owasp-delhi] IBM AppSCAN & HP Webinspect comparison
>
> Hi,
>
>
>
> Kindly let me know which tool is better for penetration testing among IBM
> AppSCAN & HP Webinspect.
>
>
>
>
>
> Regards,
>
> Manik
>
>
>
>  ------------------------------
>
> Join SQAtester.com Community  --->
> http://www.sqatester.com/testersarea/joinus.htm
>
>
>  ------------------------------
>
> Your Mail works best with the New Yahoo Optimized IE8. Get it NOW!<http://in.rd.yahoo.com/tagline_ie8_new/*http:/downloads.yahoo.com/in/internetexplorer/>.
>
>  ------------------------------
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>
>
>
>
>
> This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is
> intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to
> read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message
> in error, please notify the sender immediately and delete all copies of this message.
>
>
> -----Inline Attachment Follows-----
>
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org<http://mc/[email protected]>
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>
> ------------------------------
> Your Mail works best with the New Yahoo Optimized IE8. Get it NOW!<http://in.rd.yahoo.com/tagline_ie8_new/*http://downloads.yahoo.com/in/internetexplorer/>
> .
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>


-- 
Regards,
Chintan Dave,

LinkedIn Profile: http://www.linkedin.com/in/chintandave
Blog:http://www.chintandave.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20100302/0097d5a6/attachment-0001.html 


More information about the Owasp-delhi mailing list