Alternatives for IBM AppScan

1335 views
Skip to first unread message

Henrique de Miranda Gontijo

unread,
Mar 28, 2012, 2:06:06 PM3/28/12
to java...@googlegroups.com
Hi guys,

As far as automated scan tool for security and vulnerabilities in web apps, have you used and suggest any alternatives for IBM AppScan?

Cheers,
Henrique
"Tudo tem o seu tempo determinado, e há tempo para todo o propósito debaixo do céu." Eclesiastes 3:1

Robert Casto

unread,
Mar 28, 2012, 2:09:38 PM3/28/12
to java...@googlegroups.com
Backtrack 5

--
You received this message because you are subscribed to the Google Groups "The Java Posse" group.
To post to this group, send email to java...@googlegroups.com.
To unsubscribe from this group, send email to javaposse+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.



--
Robert Casto
www.robertcasto.com
www.sellerstoolbox.com

Steven Siebert

unread,
Mar 28, 2012, 2:19:10 PM3/28/12
to java...@googlegroups.com
We use Retina for whole system scanning
(http://www.eeye.com/solutions/business-need/web-application-protection)
which also does XSS and SQL injection testing along with
application/patch version checking (if configured with access via
SSH). It takes a little bit to configure, but they do have training if
you have the time/money. I would recommend as a very good tool -
works in a heterogeneous network too (not just linux).

S

On Wed, Mar 28, 2012 at 2:06 PM, Henrique de Miranda Gontijo
<henr...@gontijo.org> wrote:

> --
> You received this message because you are subscribed to the Google Groups
> "The Java Posse" group.
> To post to this group, send email to java...@googlegroups.com.
> To unsubscribe from this group, send email to
> javaposse+...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/javaposse?hl=en.

--
my other quote is hilarious

Henrique M. Gontijo

unread,
Apr 3, 2012, 10:21:34 AM4/3/12
to java...@googlegroups.com
Hi guys,

Thanks a lot for the hints.
Anybody else have more clues?

Thanks,
-Henrique


On Wednesday, March 28, 2012 3:19:10 PM UTC-3, Steve Siebert wrote:
We use Retina for whole system scanning
(http://www.eeye.com/solutions/business-need/web-application-protection)
which also does XSS and SQL injection testing along with
application/patch version checking (if configured with access via
SSH). It takes a little bit to configure, but they do have training if
you have the time/money.  I would recommend as a very good tool -
works in a heterogeneous network too (not just linux).

S

On Wed, Mar 28, 2012 at 2:06 PM, Henrique de Miranda Gontijo
<-> wrote:
> Hi guys,
>
> As far as automated scan tool for security and vulnerabilities in web apps,
> have you used and suggest any alternatives for IBM AppScan?
>
> Cheers,
> Henrique
> "Tudo tem o seu tempo determinado, e há tempo para todo o propósito debaixo
> do céu." Eclesiastes 3:1
>
> --
> You received this message because you are subscribed to the Google Groups
> "The Java Posse" group.

> To post to this group, send email to-.


> To unsubscribe from this group, send email to

> -.


> For more options, visit this group at
> http://groups.google.com/group/javaposse?hl=en.

Rafal Habrat

unread,
Apr 3, 2012, 10:24:24 AM4/3/12
to java...@googlegroups.com
You may find this http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List helpful - it's a pretty comprehensive list of tools in that space...

Rafal

To view this discussion on the web visit https://groups.google.com/d/msg/javaposse/-/2CB2DAeXT_cJ.

To post to this group, send email to java...@googlegroups.com.
To unsubscribe from this group, send email to javaposse+...@googlegroups.com.

Danielle Felder

unread,
May 15, 2018, 10:33:17 AM5/15/18
to Java Posse
If you're still looking, users on IT Central Station interested in IBM AppScan alternatives often read reviews for Veracode. This Technical Director wrote in his review, "We had IBM, we had Fortify, we had PMD, and there was one other scanner at the time that we were evaluating. Veracode came out on top, in almost every category." You can read the rest of his review here
Reply all
Reply to author
Forward
0 new messages