Penetration Testing: RE: Spi's products worth a try? Or any suggestions for developers' tool?

["Rui Pereira (WCG)" <wavefront1 () shaw ca>]

I have been using SPI Dynamic's WebInspect for over a year now and can
safely say that I am very pleased with its functionality, performance,
granularity and ability to ferret out potential flaws in web applications of
different stripes. Then again, I am using it in a security review/pen-test
mode, and cannot directly speak to its usability as a tool for the
developer's themselves to use. Maybe someone who has used it during the
evaluation process will care to speak up...

Thank You
 
Rui Pereira,B.Sc.(Hons),CIPS ISP,CISSP,CISA
Principal Consultant

WaveFront Consulting Group
Certified Information Systems Security Professionals
 
wavefront1 () shaw ca

-----Original Message-----
From: Evans, Arian [mailto:Arian.Evans () fishnetsecurity com] 
Sent: November 4, 2005 10:53 AM
To: Aman Raheja; pen-test () securityfocus com
Subject: RE: Spi's products worth a try? Or any suggestions for developers'
tool?


1. I would suggest SPI's tools are worth evaluation.

2. For other tools to evaluate, you will find a fairly comprehensive
starting point in this PPT:

http://www.owasp.org/docroot/owasp/misc/OWASP_DC_2005_Presentations/Track_2-
Day1/AppSec2005DC-Arian_Ev
ans_Tools-Taxonomy.ppt

-ae

> -----Original Message-----
> From: Aman Raheja [mailto:araheja () techquotes com]
> Sent: Friday, November 04, 2005 12:56 AM
> To: pen-test () securityfocus com
> Subject: Spi's products worth a try? Or any suggestions for 
> developers' tool?
>
>
> Hello
> Anyone has any experiance with Spi's tools for web application
> vulnerability scanning?
> http://www.spidynamics.com/products/index.html
> I need to suggest developers' tool so that they can self assess their 
> application and reduce the overhead of the testing team.
> Any advice?
> Thanks in advance.
> Regards
> Aman Raheja
>
> http://www.techquotes.com
>
>
> --------------------------------------------------------------
> ----------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking
> applications on your 
> website. Up to 75% of cyber attacks are launched on shopping 
> carts, forms, 
> login pages, dynamic content etc. Firewalls, SSL and 
> locked-down servers are 
> futile against web application hacking. Check your website 
> for vulnerabilities 
> to SQL injection, Cross site scripting and other web attacks 
> before hackers do! 
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> --------------------------------------------------------------
> -----------------
----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are

futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---




------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------