Alternatives for IBM AppScan

[Henrique de Miranda Gontijo]

Hi guys,

As far as automated scan tool for security and vulnerabilities in web apps, have you used and suggest any alternatives for IBM AppScan?

Cheers,

Henrique

"Tudo tem o seu tempo determinado, e há tempo para todo o propósito debaixo do céu." Eclesiastes 3:1

[Robert Casto]

Backtrack 5

--
You received this message because you are subscribed to the Google Groups "The Java Posse" group.
To post to this group, send email to java...@googlegroups.com.
To unsubscribe from this group, send email to javaposse+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.

--
Robert Casto
www.robertcasto.com
www.sellerstoolbox.com

[Steven Siebert]

We use Retina for whole system scanning
(http://www.eeye.com/solutions/business-need/web-application-protection)
which also does XSS and SQL injection testing along with
application/patch version checking (if configured with access via
SSH). It takes a little bit to configure, but they do have training if
you have the time/money. I would recommend as a very good tool -
works in a heterogeneous network too (not just linux).

S

On Wed, Mar 28, 2012 at 2:06 PM, Henrique de Miranda Gontijo
<henr...@gontijo.org> wrote:

> --
> You received this message because you are subscribed to the Google Groups
> "The Java Posse" group.
> To post to this group, send email to java...@googlegroups.com.
> To unsubscribe from this group, send email to
> javaposse+...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/javaposse?hl=en.

--
my other quote is hilarious

[Henrique M. Gontijo]

Hi guys,

Thanks a lot for the hints.

Anybody else have more clues?

Thanks,

-Henrique

On Wednesday, March 28, 2012 3:19:10 PM UTC-3, Steve Siebert wrote:

We use Retina for whole system scanning
(http://www.eeye.com/solutions/business-need/web-application-protection)
which also does XSS and SQL injection testing along with
application/patch version checking (if configured with access via
SSH). It takes a little bit to configure, but they do have training if
you have the time/money.  I would recommend as a very good tool -
works in a heterogeneous network too (not just linux).

S

On Wed, Mar 28, 2012 at 2:06 PM, Henrique de Miranda Gontijo
<-> wrote:
> Hi guys,
>
> As far as automated scan tool for security and vulnerabilities in web apps,
> have you used and suggest any alternatives for IBM AppScan?
>
> Cheers,
> Henrique
> "Tudo tem o seu tempo determinado, e há tempo para todo o propósito debaixo
> do céu." Eclesiastes 3:1
>
> --
> You received this message because you are subscribed to the Google Groups
> "The Java Posse" group.

> To post to this group, send email to-.

> To unsubscribe from this group, send email to

> -.

> For more options, visit this group at
> http://groups.google.com/group/javaposse?hl=en.

[Rafal Habrat]

You may find this http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List helpful - it's a pretty comprehensive list of tools in that space...

Rafal

To view this discussion on the web visit https://groups.google.com/d/msg/javaposse/-/2CB2DAeXT_cJ.

To post to this group, send email to java...@googlegroups.com.
To unsubscribe from this group, send email to javaposse+...@googlegroups.com.

[Danielle Felder]

If you're still looking, users on IT Central Station interested in IBM AppScan alternatives often read reviews for Veracode. This Technical Director wrote in his review, "We had IBM, we had Fortify, we had PMD, and there was one other scanner at the time that we were evaluating. Veracode came out on top, in almost every category." You can read the rest of his review here.