WebApp Sec: Re: Spi's products worth a try? Or any suggestions for developers' tool?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Spi's products worth a try? Or any suggestions for developers' tool?

From: bugtraq () cgisecurity net
Date: Mon, 7 Nov 2005 18:25:30 -0500 (EST)

Hailstorm does it differently, using what you might think of as active 
payloads. It monitors what each injected payload does and then monitors 
browser memory (it uses a baked-in version of Mozilla) to trap when code or 
events execute in the application space as a result of its actions. This is 
a world of difference between other black-box tools. Hailstorm also uses 
fairly advanced AI when it comes to analyzing server behavior: heuristics, 
causal and behavior triggers, a significant number of configuration options 
for advanced tuning. I like it because it gives me better, more accurate, 
more actionable, results. Period. I am certain it would benefit your team.


What a great sales pitch "App Master" or is it "Appman Zero"?

- z 
http://www.cgisecurity.com/

By Date By Thread

Current thread:

Re: Spi's products worth a try? Or any suggestions for developers' tool? App Master (Nov 07)
- Re: Spi's products worth a try? Or any suggestions for developers' tool? bugtraq (Nov 08)
- <Possible follow-ups>
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Peine,Holger (Nov 08)
- RE: Spi's products worth a try? Or any suggestions for developers' tool? Ory Segal (Nov 08)