Educause Security Discussion
mailing list archives
Re: Web application security scanners
From: "Lovaas,Steven R" <Steven.Lovaas () COLOSTATE EDU>
Date: Thu, 18 Jan 2007 16:33:56 -0700
We're taking a serious look at Watchfire's AppScan...
Steven Lovaas, MSIA, CISSP
Network Security Manager
Academic Computing & Network Services
Colorado State University
Steven.Lovaas () ColoState EDU
From: Brad Judy [mailto:Brad.Judy () COLORADO EDU]
Sent: Thursday, January 18, 2007 3:10 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Web application security scanners
We're starting to look into web application security scanning tools and I wanted to ping the group and see what people
found when looking into this for themselves and what motivated their selection.
After some initial digging, it looks like most people lean towards Spidynamics' WebInspect or Watchfire's AppScan. I
plan on looking into both of those.
Obviously, none of these products are the end-all-be-all of web app security, but they do address the basic need of
common web app coding errors for an initial level of validation of both in-house developed apps as well as pre-purchase
testing of commercial apps.
So, what did you learn when looking into this space, what did you select and why?
IT Security Office
Information Technology Services
University of Colorado at Boulder