[Owasp-delhi] (IBM AppSCAN & HP Webinspect comparison etc.. ) Automated Vs Manual tools

dotnet nukeus3r dotnetnukeus3r at gmail.com
Tue Mar 2 07:20:05 EST 2010


Whilst we are discussing a clear winner, how about throwing something into
the mix?

Perhaps extending the conversation to include manual tools.

Do you reckon automated tools produce value for money? Are they good enough to
discover every bug, mite, under the wraps?

Or using manual tools still provides an upper hand?

Or should a good review of an application require a mix of both manual tools
and automated tools?

What are your thoughts?

cheers
shekhar

On Tue, Mar 2, 2010 at 11:25 AM, Parthajit Panda <Parthajit.Panda at gmrgroup.in> wrote:

> Armorize has a Static Code Security Vulnerability Scanner (SCSVS) which
> checks vulnerabilities at the source code level.  AppScan, Webinspect and
> Acunetix are Web Application Security Vulnerability Scanners (WASVS) which
> check for runtime vulnerabilities of web applications.
>
> Regards
> Parthajit
>
> -----Original Message-----
> From: owasp-delhi-bounces at lists.owasp.org [mailto:
> owasp-delhi-bounces at lists.owasp.org] On Behalf Of muxical.geek at gmail.com
> Sent: Tuesday, March 02, 2010 4:36 PM
> To: srikarsagi at yahoo.com; owasp-delhi at lists.owasp.org; AnantharamanIyer
> Subject: Re: [Owasp-delhi] IBM AppSCAN & HP Webinspect comparison
>
> "Accuracy", IMHO, matters a lot more than the "number of features". You
> don't want a tool to give you nicely formatted info with a bunch of false
> positives. These scanners are anyways fairly costly.
>
> Talking about commercial tools, I am told Armorize has a smart set of tools. On
> the open source front, w3af is definitely worth a look.
>
> -Bipin Upadhyay.
>
> >>Sent from my pwnedBerry(r)
>
> -----Original Message-----
> From: Srikar Sagi <srikarsagi at yahoo.com>
> Date: Tue, 2 Mar 2010 15:28:52
> To: owasp-delhi at lists.owasp.org<owasp-delhi at lists.owasp.org>;
> AnantharamanIyer<anantharaman.iyer at capgemini.com>
> Subject: Re: [Owasp-delhi] IBM AppSCAN & HP Webinspect comparison
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi