We are starting to look at web application security and have been talking to someone at IBM about IBM (webfire) Rational AppScan. It seems to be fairly pricey compared to some of the others in our admittedly limited searching.
Has anyone got suggestions for programs to do web application security testing? We're only just beginning our search and there doesn't seem to be a lot of information/reviews out there. I've seen a couple of pages that have some information but it looks to be out of date.
http://www.softwareqatest.com/qatweb1.html#SECURITY
http://sectools.org/web-scanners.html
We are a small IT department so our scans would be fairly limited in the number of people who will perform a scan (maybe three people) and are looking at the developer version of AppScan (which is limited to one person). Our budget is tight but we also want something that is simple to use and works well. I'd say our main concerns are SQL injection and general server security. We are a mostly Windows shop but do have a couple of Ubuntu servers.