Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] AppScan
From: Yonatan Bokovza <Yonatan () XPERT COM>
Date: Thu, 21 Sep 2000 14:09:18 +0300

-----Original Message-----
From: john.george [mailto:john.george () HOME COM]
Sent: Wednesday, September 20, 2000 10:48 PM
Subject: [PEN-TEST] AppScan

I very interested in knowing if anyone has any experience with an
application scanner called AppScan. It is suppose to be able
to continue
where ISS left off, the application level.
This is the first Application Level Security Scanner i encountered.
Application level is usually regarded as "additional feature" in
commercial security scanners.

I started to evaluate this
software today and want to see if anyone else has any good or
bad points to
the scanner.
I used it in one penetration test. It's very thorough, looks for many
recurring misprogramming errors. I tend to use it as a reference,
to make sure i didn't left out anything. It has a nice "generate your
own" http queries and posts, but i'd like to see that scriptable.
Fine and sexy tool, all things considered.
The scanner is by http://www.sanctuminc.com .

Yonatan Bokovza
IT Security Consultant.
yonatan () xpert com
Xpert Trusted Systems
Shenkar 1, Herzlia Pituach

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]