[Owasp-delhi] IBM AppSCAN & HP Webinspect comparison

muxical.geek at gmail.com muxical.geek at gmail.com
Tue Mar 2 07:34:35 EST 2010


Oops! My mistake.

-Bipin Upadhyay.

»»Sent from my pwnedBerry®

-----Original Message-----
From: Parthajit Panda <Parthajit.Panda at gmrgroup.in>
Date: Tue, 2 Mar 2010 16:55:03 
To: muxical.geek at gmail.com<muxical.geek at gmail.com>; srikarsagi at yahoo.com<srikarsagi at yahoo.com>; owasp-delhi at lists.owasp.org<owasp-delhi at lists.owasp.org>; AnantharamanIyer<anantharaman.iyer at capgemini.com>
Subject: RE: [Owasp-delhi] IBM AppSCAN & HP Webinspect comparison

Armorize has a Static Code Security Vulnerability Scanner (SCSVS) which checks vulnerabilities at the source code level.  AppScan, Webinspect and Acunetix are Web Application Security Vulnerability Scanners (WASVS) which check for runtime vulnerabilities of web applications.

Regards
Parthajit

-----Original Message-----
From: owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of muxical.geek at gmail.com
Sent: Tuesday, March 02, 2010 4:36 PM
To: srikarsagi at yahoo.com; owasp-delhi at lists.owasp.org; AnantharamanIyer
Subject: Re: [Owasp-delhi] IBM AppSCAN & HP Webinspect comparison

"Accuracy", IMHO, matters a lot more than the "number of features". You don't want a tool to give you nicely formatted info with a bunch of false positives. These scanners are anyways fairly costly.

Talking about commercial tools, I am told Armorize a smart set of tools. On the open source front, w3af is definitely worth a look.

-Bipin Upadhyay.

>>Sent from my pwnedBerry(r)

-----Original Message-----
From: Srikar Sagi <srikarsagi at yahoo.com>
Date: Tue, 2 Mar 2010 15:28:52
To: owasp-delhi at lists.owasp.org<owasp-delhi at lists.owasp.org>; AnantharamanIyer<anantharaman.iyer at capgemini.com>
Subject: Re: [Owasp-delhi] IBM AppSCAN & HP Webinspect comparison

_______________________________________________
Owasp-delhi mailing list
Owasp-delhi at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-delhi

_______________________________________________
Owasp-delhi mailing list
Owasp-delhi at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-delhi

This e-mail contains information which is confidential and/or legally privileged. If you are not the intended recipient , you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this e-mail is strictly prohibited. If you have received this e-mail in error, please destroy it and notify us by reply e-mail or by telephone. Internet E-mail messages may be subject to delays, non-delivery and unauthorised alterations and we shall not be responsible for the consequence(s) in such event(s). All reasonable precautions have been taken to ensure no viruses are present in this E-mail. We cannot accept responsibility for loss or damage arising from the use of this E-mail or attachments and recommend that you subject these to your virus checking procedures prior to use.


More information about the Owasp-delhi mailing list