
Webinspect vs AppScan


eyenit0

Jr. Member

Posts: 52

Joined: Wed Sep 01, 2010 2:17 pm

Post Tue Jan 17, 2012 10:07 am

Webinspect vs AppScan

Hey everyone,

I've been evaluating web application scanners for my company to invest in and was wondering which of these two you guys have experience with and recommend. I know there are open source tools that are just as good or better at discovering vulns, but I'm also interested in their reporting and compliance (FISMA) features.

I've tested out both of them (full evaluation license) against a test site and they both still miss a few vulnerabilities that I know are there. I'm leaning toward AppScan because I like the interface better and find it easier to get around in, but am open to suggestions.

Open source tools will still be a part of my toolkit - there's no doubt about that - but the company also wants to have an established "professional" scanner in place. I'm sure the rest of you are like me and don't like a scanner taking all the fun out of web app testing, but at least I'll still get to do manual testing after initial scans.

Thanks for your input.

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue Jan 17, 2012 5:15 pm

Re: Webinspect vs AppScan

We use Hailstorm and have mixed opinions about it. You might want to give it a shot. I've not used those others... because I'm burping.

eyenit0

Jr. Member

Posts: 52

Joined: Wed Sep 01, 2010 2:17 pm

Post Tue Jan 17, 2012 5:25 pm

Re: Webinspect vs AppScan

Thanks for the input.
I actually had a Webex last week with Cenzic to go over Hailstorm. I'm working on getting an evaluation copy, but they won't give it out without setting up another Webex to go through the install process, so I'm still working that out.

The UI to Hailstorm didn't seem very intuitive and looked like it might be difficult to get around in. I'd like to test it out and see how it does finding vulnerabilities, but I wasn't very impressed with its presentation.

I guess I'll get an eval soon enough and will be able to test it. If it does a better job at finding vulnerabilities, then I don't care too much about the UI.
