RE: Spi's products worth a try? Or any suggestions for developers' tool?

From: Thomas Ryan (tryansiegeworksint.com)
Date: Sun Nov 06 2005 - 19:04:02 CST


Aman,

Are you looking to allow all of your developers to scan their own
applications on their local desktop? Are you developing ASP, ASP.NET, Java
or PHP Applications? If you are looking for a scanner for developers, you
have 2 choices...DevInspect or AppScan DE.

DevInspect and SecureObjects are tightly integrated with Visual Studio .NET,
while AppScan DE Scans the Application at Runtime on the developer's
desktop.

Scanning solutions serve a purpose within application security, even though
at best they find 30% of the problems. If you choose a scanning solution for
your QA process I would look at NTOSpider (
http://www.ntobjectives.com/products/ntospider.php ) or WebInspect (
http://www.spidynamics.com/products/webinspect/index.html )

Before choosing a scanner, I would develop testing criteria and test the
scanners against several different types of internal applications.

Thomas Ryan
Senior Security Consultant
SiegeWorks International

-----Original Message-----
From: Aman Raheja [mailto:arahejatechquotes.com]
Sent: Friday, November 04, 2005 9:40 AM
To: webappsecsecurityfocus.com
Subject: Spi's products worth a try? Or any suggestions for developers'
tool?

Hello
Does anyone have any experience with Spi's tools for web application
vulnerability scanning?
http://www.spidynamics.com/products/index.html
I need to suggest a developers' tool so that they can self assess their
application and reduce the overhead of the testing team.
Any advice?
Thanks in advance.
Regards
Aman Raheja

http://www.techquotes.com