Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

RE: Spi's products worth a try? Or any suggestions for developer s' tool?
From: Jeff Robertson <jeff.robertson () digitalinsight com>
Date: Mon, 7 Nov 2005 07:37:54 -0500 
I would suggest that what will reduce the testers' time is teaching the
developers to code securely. I know that sounds like a tautology, but
they're going to have to know it anyway if you expect them to make sense of
what they get out of a scan.

In any case, I would think that source code analysis would be the most
useful tool for developers. Developers think in terms of code, and you
aren't going to change that. Hit them where they live.

Sorry, I can't recommend any ;-)

Jeff Robertson
Manager of Web Application Security
Digital Insight



-----Original Message-----
From: Aman Raheja [mailto:araheja () techquotes com]
Sent: Friday, November 04, 2005 12:40
To: webappsec () securityfocus com
Subject: Spi's products worth a try? Or any suggestions for 
developers'
tool? 


Hello
Anyone has any experiance with Spi's tools for web application 
vulnerability scanning?
http://www.spidynamics.com/products/index.html
I need to suggest developers' tool so that they can self assess their 
application and reduce the overhead of the testing team.
Any advice?
Thanks in advance.
Regards
Aman Raheja

http://www.techquotes.com

  By Date           By Thread  

Current thread:
  • RE: Spi's products worth a try? Or any suggestions for developer s' tool? Jeff Robertson (Nov 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]