.

Web App Pen Testing Products

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Mar 30, 2006 4:20 pm

Web App Pen Testing Products

Rooting Out Web App Holes 
By Jim Rapoza (eWeek Mag)
March 13, 2006


Review: Web application penetration-testing tool veterans WebInspect and AppScan show they still have the right security stuff.


Despite all the attention that security holes in various operating systems get, the most likely avenue for successfully compromising a corporate system is a poorly developed Web-based application. It's essential, therefore, for developers to find potential problems before deploying a Web application to a live site.

That's where Web application penetration-testing products come in. These tools let developers perform exhaustive application scans to find known security holes or even poorly designed code that could potentially lead to a security breach.

For full story:
http://www.eweek.com/article2/0,1759,1937372,00.asp

Podcast with Peter Coffee and Jim Rapoza looks at recent reviews of Web security products:
http://www.eweek.com/article2/0,1759,1939546,00.asp

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Thu Mar 30, 2006 4:34 pm

Re: Web App Pen Testing Products

I will vouch that Webinspect is the real deal!  It rips the web server and finds tons of stuff, the reporting is sweet and it is worth the steep price if you are serious about web security.  My company had a 30 free trial to scan 1 IP address and the damn thing yielded a 450+ page report.  The box we tested was unpatched and an old version if IIS and it found everything from XSS to SQL injections and beyond.  It scans for HIPAA, PCI, Sarbanes-Oxley requirements by themselves or combined.  I highly suggest this product!!!  5 stars!
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Thu Mar 30, 2006 4:36 pm

Re: Web App Pen Testing Products

Of course if you can't afford Webinspect, I recommend SARA and Nikto together.  They aren't as in-depth or as robust but are good nonetheless.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

tmartin

Recruiters
Recruiters

Posts: 46

Joined: Tue Sep 20, 2005 9:36 pm

Post Fri Mar 31, 2006 8:37 am

Re: Web App Pen Testing Products

Thanks for the input. Did your co buy it?
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Fri Mar 31, 2006 9:07 am

Re: Web App Pen Testing Products

No not yet.  I think that once we get certified we may buy it.  It is pretty expensive like I think but don't quote me $20,000 for one machine and can scan unlimited number of IP addresses.  They give you a registry key that locks/binds the registration to only that specified machine.  We had a 30 day trial one one machine to scan 1 IP address.  I am lobbying for us to buy it.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!

Return to Tools

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software