App Scanning Helps Secure Weak Spots - Page 4

WebInspect 2.0

USABILITY: Good

CAPABILITY: Good

PERFORMANCE: Fair

INTEROPERABILITY: Good

MANAGEABILITY: Fair

SCALABILITY: Fair

SECURITY: Good

SPI Dynamics' WebInspect provides a cost-effective way to scan custom Web applications on one or two Web servers for coding vulnerabilities. Web developers will especially appreciate the developer-oriented sections in its vulnerability descriptions. As with Sanctum's AppScan, organizations using WebInspect should continue to perform human audits and regular penetration tests.

Cost Analysis

At $4,995 per tested server, WebInspect lets organizations test one or two servers quite cheaply, but costs rise quickly for larger shops.

(+) Finds custom application and Web server vulnerabilities; provides a full programming language and programming tools to write custom rules; information-packed vulnerability descriptions.

(-) A full scan of an application took longer with WebInspect than it did with AppScan; could crash a tested server or put test data into a tested application's database.

Evaluation Short List

• Sanctum's AppScan

www.spidynamics.com