Penetration Testing: RE: Spi's products worth a try? Or any suggestions for developers' tool?

["Mike Pearson" <mp () digitalstakeout com>]

My company conducted a through evaluation of SPI WebInspect, Watchfire
AppScan, Acunetix and various open source products and ended up choosing a
combination of AppScan and open source as the primary backend for our
service, Threat Portal VMS.

One thing to keep in mind is that Watchfire holds the definitive patent for
conducting intelligent web crawling for vulnerabilities. Both SPI and
Acunetix had to pay Watchfire multi-million dollar royalty payments in order
to use the patent. SPI may be a little faster with new updates but Watchfire
invented the process.

Mike Pearson
www.digitalstakeout.com


-----Original Message-----
From: Evans, Arian [mailto:Arian.Evans () fishnetsecurity com] 
Sent: Friday, November 04, 2005 1:53 PM
To: Aman Raheja; pen-test () securityfocus com
Subject: RE: Spi's products worth a try? Or any suggestions for developers'
tool?

1. I would suggest SPI's tools are worth evaluation.

2. For other tools to evaluate, you will find a fairly
comprehensive starting point in this PPT:

http://www.owasp.org/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-
Day1/AppSec2005DC-Arian_Ev
ans_Tools-Taxonomy.ppt

-ae

> -----Original Message-----
> From: Aman Raheja [mailto:araheja () techquotes com] 
> Sent: Friday, November 04, 2005 12:56 AM
> To: pen-test () securityfocus com
> Subject: Spi's products worth a try? Or any suggestions for 
> developers' tool?
>
>
> Hello
> Anyone has any experiance with Spi's tools for web application 
> vulnerability scanning?
> http://www.spidynamics.com/products/index.html
> I need to suggest developers' tool so that they can self assess their 
> application and reduce the overhead of the testing team.
> Any advice?
> Thanks in advance.
> Regards
> Aman Raheja
>
> http://www.techquotes.com
>
>
> --------------------------------------------------------------
> ----------------
> Audit your website security with Acunetix Web Vulnerability Scanner: 
>
> Hackers are concentrating their efforts on attacking 
> applications on your 
> website. Up to 75% of cyber attacks are launched on shopping 
> carts, forms, 
> login pages, dynamic content etc. Firewalls, SSL and 
> locked-down servers are 
> futile against web application hacking. Check your website 
> for vulnerabilities 
> to SQL injection, Cross site scripting and other web attacks 
> before hackers do! 
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> --------------------------------------------------------------
> -----------------
----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are

futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------