[OWASP-TESTING] About Scanners (for testing guide)

Mark Curphey mark.curphey at foundstone.com
Tue Mar 30 11:42:38 EST 2004

I tested them all in the past. The best found 21% of issues on my
benchmark platform, the worst found 6%.  I could write a book on the
things they can't find but I can't be bothered to supply the free research
for the vendors ;-)

-----Original Message-----
From: Calderon, Juan Carlos (GE Commercial Finance, NonGE)
[mailto:juan.calderon at ge.com] 
Sent: Tuesday, March 30, 2004 11:31 AM
To: owasp-testing at lists.sourceforge.net
Subject: [OWASP-TESTING] About Scanners (for testing guide)

Hi all

Can't remember if I shared this with you earlier; it's a little thought
about scanners derived from the use of them (mainly Sanctum Appscan) for
almost 4 years now.

I've found that no matter their capacity, in an enterprise environment
their attacks or assessments are "blocked" by firewalls, routers,
proxies, IDS, etc. All this makes them kind of inefficient and/or
inaccurate right out of the box, not even installed. IMO ideally they
would need a direct connection in a controlled environment to deploy the
potential they have (low or high); this is, as I mention, ideally.

