Re: Web Application Vulnerability Scanner
From: zackPeters75 () yahoo com
Date: 2 Nov 2007 01:25:42 -0000
I had to evaluate some automated web app scanners a few months back. We weren't using anything and I was tasked with
choosing one. I ended up looking at the big three (SPI, Watchfire, Cenzic) and chose Cenzic's Hailstorm.
From a web app vulnerability perspective, I love it. Tons of options to customize and tweak. As I keep learning more
about web app security, I find that I can directly configure their product to do what I want.
PCI was an element of our eval but not a huge part. I can give our developers what they need to fix and how. We still
need to hire an outside auditor / certification agency for that final sign off.
My two cents.