mailing list archives
Re: [PEN-TEST] AppScan
From: Yonatan Bokovza <Yonatan () XPERT COM>
Date: Thu, 21 Sep 2000 14:09:18 +0300
From: john.george [mailto:john.george () HOME COM]
Sent: Wednesday, September 20, 2000 10:48 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] AppScan
I very interested in knowing if anyone has any experience with an
application scanner called AppScan. It is suppose to be able
where ISS left off, the application level.
This is the first Application Level Security Scanner i encountered.
Application level is usually regarded as "additional feature" in
commercial security scanners.
I started to evaluate this
software today and want to see if anyone else has any good or
bad points to
I used it in one penetration test. It's very thorough, looks for many
recurring misprogramming errors. I tend to use it as a reference,
to make sure i didn't left out anything. It has a nice "generate your
own" http queries and posts, but i'd like to see that scriptable.
Fine and sexy tool, all things considered.
The scanner is by http://www.sanctuminc.com .
IT Security Consultant.
yonatan () xpert com
Xpert Trusted Systems
Shenkar 1, Herzlia Pituach