« Vista SP1 Coming In Q1 2008 | Main | Chinese military hacked into Pentagon »

Rolling Review: N-Stalker Web App Scanner

"The range of products calling themselves "security scanners" is so broad that the designation is flirting with irrelevance. You have your vulnerability assessment software, which uses large databases of known vulnerabilities. Then there are penetration-testing applications that focus on fewer vulnerabilities but include the ability to exploit flaws instead of just identify them. More relevant to this Rolling Review are Web application scanners, which attempt to uncover problems in newly developed software--before they get exploited.

As an added twist in this review, we've focused our testing on Ajax applications. We've already evaluated Hewlett-Packard(HP)'s WebInspect (formerly from SPI Dynamics) and Cenzic's Hailstorm. Both are Web application vulnerability scanners aimed primarily at crawling new Web apps looking for exploitable flaws. Sure, they're able to detect some common misconfigurations within Web servers and languages, even pick up a few stock bugs in known programs. But that's not their primary focus."

Article Link: http://www.informationweek.com/news/showArticle.jhtml?articleID=201803341&subSection=All+Stories


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!