Home page logo

educause logo Educause Security Discussion mailing list archives

Web application security scanners
From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Thu, 18 Jan 2007 15:09:54 -0700

We're starting to look into web application security scanning tools and
I wanted to ping the group and see what people found when looking into
this for themselves and what motivated their selection.  

After some initial digging, it looks like most people lean towards
Spidynamics' WebInspect or Watchfire's AppScan.  I plan on looking into
both of those.  

Obviously, none of these products are the end-all-be-all of web app
security, but they do address the basic need of common web app coding
errors for an initial level of validation of both in-house developed
apps as well as pre-purchase testing of commercial apps.  

So, what did you learn when looking into this space, what did you select
and why?  


Brad Judy

IT Security Office
Information Technology Services
University of Colorado at Boulder

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]