Penetration Testing mailing list archives

Re: Opinions of automated testers
From: Dotzero <dotzero () gmail com>
Date: Tue, 8 May 2007 09:06:01 -0400

On 8 May 2007 03:58:22 -0000, zackpeters75 () yahoo com
<zackpeters75 () yahoo com> wrote:

> My manager gave me our pen testing project and I'm still coming up to speed so forgive me if this question is not 100% list appropriate.
>
> From what I can tell the top 3 automated pen testing programs are from SPI Dynamics, Cenzic and Watchfire. I haven't evaled any of them quite yet but they each seem to have their advantages and disadvantages. Cenzic is claiming to be the most accurate at least according to their 20/20 marketing program http://www.cenzic.com/forms/ec.php?pubid=10076 but I'm wondering what people have actually seen.

Erin gave an excellent response to you.... read carefully. Not too
long ago I did an in-depth evaluation of all 3 products. I had looked
at them in the past and we were finally in a position to make a
purchase decision. Each of the products has strengths and weaknesses.
They all do a pretty good job and from day to day one will be ahead of
the others and then a different one.

Most of the differences show up in the bells and whistles, report
presentation, etc. For me it almost comes down to flavors of ice
cream. I prefer vanilla but you may prefer chocolate. We ultimately
chose WebInspect (SPI Dynamics) but it was a close decision all the way.

One important caveat is that these are tools and if the person using
the tool doesn't understand how to use the tool properly then their
mileage may vary.
