'Retina Web Security Scanner'에 해당되는 글 2건

  1. 2009.12.16 Web Application Security Scanner List
  2. 2009.08.31 Website VA Vendor Comparison Chart
2009. 12. 16. 11:37

Web Application Security Scanner List


The following list of products and tools provide web application security scanner functionality.  Note that the tools on this list are not being endorsed by the Web Application Security Consortium - any tool that provides web application security scanning functionality will be listed here.  If you know of a tool that should be added to this list, please contact Brian Shura at bshura73@gmail.com.

Commercial Tools

Software-as-a-Service Providers

Free / Open Source Tools

출처 : http://projects.webappsec.org

Trackback 0 Comment 0
2009. 8. 31. 09:42

Website VA Vendor Comparison Chart

Update 08.24.2009: Billy Hoffman (HP) and I have been having some email dialog about the production-safe heading. Clearly this is contentious issue. Scanning coverage and depth are directly tied to the risk of production-safety, and every vendor has a slightly different approach to how they address the concerns. Basically I asked if vendors made a production-safe claim, that they have some reasonable verbiage/explanation for how they do so -- no assumption of production safety will be made. Billy publicly posted how HP does so (complete with the highlights of our dialog) and got check mark. Simple. Still for the immediate future I'm going to eliminate the heading from the chart until I can draft up a decent set of criteria that will make things more clear. This of course will be open to public scrutiny. In the meantime, if anyway vendors want to post links about how their achieve "production-safe" they should be feel free to do so.

As you can imagine I spend a good portion of my time keeping a close watch on the movements of website vulnerability assessment market. Part of that requires identifying the different players, who is really offering what (versus what they say they do), how they do it, how well, and for how much. Most of the time it is easier said than done, parsing vague marketing literature, and it is never "done." Every once in a while I post a chart listing the notable SaaS/Cloud/OnDemand/Product vendors and how some of their key features compare, not so much in degree, but at least in kind. If anything is missing or incorrect, which there probably is, please comment and I’ll be happy to update.

출처 : http://jeremiahgrossman.blogspot.com/

Trackback 1 Comment 0