Educause Security Discussion mailing list archives

Re: Cenzic Hailstorm vs Rational AppScan from IBM
From: Neil Matatall <neil.m () UCI EDU>
Date: Thu, 11 Dec 2008 11:24:05 -0800

We use Appscan and I have had some issues with it.  These issues are few
and far between (had issues with re-tests not picking up changes) and
the browser inside of Appscan has a few shortcomings (no status bar,
erratic behavior).

Regarding the effectiveness of Appscan, it has never let us down
(yet? knocks on wood).  I have had no major complaints or felt the need
to submit a support ticket.

However, I have not used Hailstorm so I cannot recommend one over the
other.  Are there any independent studies on these products?


Jon Hanny wrote:
We bought Cenzic almost a year ago and thus far are happy with the product.
Having said that, there really is no replacement for a well-seasoned
penetration tester. I did not try Appscan so I cannot speak to how they


Jon Hanny, CISSP
Application Security Specialist
The George Washington University
jehanny () gwu edu
appsec () gwu edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Erik Decker
Sent: Thursday, December 11, 2008 1:23 PM
Subject: Cenzic Hailstorm vs Rational AppScan from IBM


We are currently evaluating two web vulnerability scanning products:  Cenzic
Hailstorm and IBM's Appscan.

Has anyone ever used Hailstorm before?  If so, do you like their product?
Did you run a comparison against Appscan?

Cenzic seems to be a new player to this market.  Their product seems fairly
robust, but we are a little unsure of it.  Our team has used Appscan in the
past, but we are open to change.

