mailing list archives
Re: [PEN-TEST] AppScan
From: "john.george" <john.george () HOME COM>
Date: Fri, 22 Sep 2000 10:25:24 -0700
I will keep you updated as time goes by. So have you found any good info on Sanctum?
I've looked at Clicknet and feel it does not sever the same perpose. Clicknet protects the operating system and API's.
They are subscription based and require continual updating to the library of signatures that are recognized. The
product does not actively protect the HTTP and therefore does not provide web application security. Clicknet can
identify and prevent specific known attacks such as buffer overflows, getadmin, and some other attacks, but does not
protect against site defacement, sequel queries, holes in the application, pearl scripts, etc.
Let stay intouch on this.
----- Original Message -----
From: Greg Jensen
To: john.george () home com
Sent: Wednesday, September 20, 2000 3:44 PM
Fellow Cable modem user.....
I too am doing a good amount of research on this company, and it's products AppScan and AppShield. If you would be
so kind, as to forward to me any responses that you get on this (good or bad). I would greatly appreciate it!
If it is just as an assesment tool, this is the only product, but if you are looking in the direction of Sanctum's
other tool, thier (kindof an IDS) AppShield, then also look at ClickNet, as they also offer a similar tool.
From: john.george [mailto:john.george () HOME COM]
Sent: Wednesday, September 20, 2000 3:48 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] AppScan
I very interested in knowing if anyone has any experience with an
application scanner called AppScan. It is suppose to be able to continue
where ISS left off, the application level. I started to evaluate this
software today and want to see if anyone else has any good or bad points to
the scanner. The scanner is by http://www.sanctuminc.com .