AppScan 3.0 Beta
Sites that need to secure large numbers of custom Web applications and/or Web servers will find AppScan 3.0s speed, relatively low cost and ease of use attractive. However, AppScan should not be used as a replacement for human audits and regular penetration tests.
Since a single license covers all the IP addresses a business manages, a single $15,000 AppScan purchase goes a long way. Finding Web application bugs in critical applications before outsiders do is worth this cost.
+Finds custom application and Web server vulnerabilities; very fast scanning engine; easy-to-use interface; flexible filtering tools allow for easy searching of reported vulnerabilities. mCustom rules are limited to simple file detection or parameter manipulation; could crash a tested server or put test data into a tested applications database.
Evaluation Short List
•SPI Dynamics WebInspect
•Kavado Inc.s ScanDo