Educause Security Discussion
mailing list archives
Re: Cenzic Hailstorm vs Rational AppScan from IBM
From: Neil Matatall <neil.m () UCI EDU>
Date: Thu, 11 Dec 2008 11:24:05 -0800
We use Appscan and I have had some issues with it. These issues are few
and far between (had issues with re-tests not picking up changes) and
the browser inside of Appscan has a few shortcomings (no status bar,
Regarding of the effectiveness of Appscan, it has never let us down
(yet? knocks on wood). I have had no major complaints or felt the need
to submit a support ticket.
However, I have not used Hailstrom so I cannot recommend one over the
other. Are there any independent studies on these products?
Jon Hanny wrote:
We bough Cenzic almost a year ago and thus far are happy with the product.
Having said that, there really is no replacement for a well seasoned
penetration tester. I did not try Appscan so I cannot speak to how they
Jon Hanny, CISSP
Application Security Specialist
The George Washington University
jehanny () gwu edu
appsec () gwu edu
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Erik Decker
Sent: Thursday, December 11, 2008 1:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Cenzic Hailstorm vs Rational AppScan from IBM
We are currently evaluating two web vulnerability scanning products: Cenzic
Hailstrom and IBM's appscan.
Has anyone ever used Hailstorm before? If so, do you like their product?
Did you run a comparison against Appscan?
Cenzic seems to be a new player to this market. Their product seems fairly
robust, but we are a little unsure of it. Our team has used Appscan in the
past, but we are open to change.