'RE: [OWASP-LEADERS] Re: [Owasp-dotnet] [Fwd: SPI Dynamics Wins Secure'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       owasp-dotnet
Subject:    RE: [OWASP-LEADERS] Re: [Owasp-dotnet] [Fwd: SPI Dynamics Wins Secure
From:       "Eoin Keary" <eoinkeary () hotmail ! com>
Date:       2005-09-13 9:46:14
Message-ID: BAY18-F293D0BB041A91B76E188C5A69C0 () phx ! gbl
[Download RAW message or body]

Yep i mentioned this to a SPI rep when i got an eval copy.
Got no response.

You can request an evaluation key from SPI but need to specify the target IP 
address.
Its still as bad as AppScan & ScanDo in MHO.

Eoin





>From: Dinis Cruz <dinis@ddplus.net>
>Reply-To: owasp-leaders@lists.sourceforge.net
>To: owasp-dotnet@lists.sourceforge.net,owasp-leaders@lists.sourceforge.net
>Subject: [OWASP-LEADERS] Re: [Owasp-dotnet] [Fwd: SPI Dynamics Wins Secure 
>Enterprise Testers Choice]
>Date: Tue, 13 Sep 2005 08:00:19 +0100
>
>Once again, more references to Spy Dynamics use of the Owasp Top 10!
>
>I think it is time for us to ask Spy Dynamic how they use the Owasp Top 10 
>in their product, what claims are they making and how exactly they are 
>testing this.
>
>Is anybody out there with some spare cycles that could write this 
>'official' letter from Owasp to Spy Dynamics?
>
>I am also quite interested in knowing more information about the actual 
>results (since this article almost doesn't talk about it, it mainly talks 
>about the functionality of these tools, not its effectiveness in detecting 
>vulnerabilities)
>
>Dinis Cruz
>Owasp .Net Project Leader
>
>Daniel Cuthbert wrote:
>
>>Loads
>>
>>The reason it works is that it has loads of shiny buttons and the 
>>marketing department claims it to be the best
>>They only let you test it on their vulnerable web site, but anyone with a 
>>small sense can guess its been designed to "find" all those holes
>>
>>Easy tip for anyone wanting to totally stuff the automated scanners:
>>Make Apache/IIS return 200 OK's for EVERY request. This will make it light 
>>up like a christmas tree for vulnerabilities found
>>
>>
>>On 12 Sep 2005, at 21:44, Dinis Cruz wrote:
>>
>>>Any comments?
>>>
>>>*From: *SPI Dynamics <news@spidynamics.com <mailto:news@spidynamics.com>>
>>>*Date: *12 September 2005 20:30:48 BDT
>>>*To: *dinis@ddplus.net <mailto:dinis@ddplus.net>
>>>*Subject: **SPI Dynamics Wins Secure Enterprise Testers Choice*
>>>*Reply-To: *news@spidynamics.com <mailto:news@spidynamics.com>
>>>
>>>
>>>
>>>SPI Dynamics and Microsoft
>>>Webcast: The Hacker Evolution: New Trends in Application Vulnerabilities 
>>>and Exploits
>>>
>>>* 
>>><http://sdm3.rm04.net/ctt?kn=3&m=396643&r=MTYwNjMwNzA1NAS2&b=0&j=Nzc2MzQxMwS2&mt=1>*
>>>
>>>	**
>>>
>>>Secure Enterprise Magazine chose SPI Dynamics WebInspect 5.5 as the 
>>>Testers Choice product in a recent Web Application vulnerability scanner 
>>>product review. Read the entire Secure Enterprise review at: 
>>>http://www.spidynamics.com/assets/documents/SecureEnterprise_WI5.5_review.pdf 
>>><http://sdm3.rm04.net/ctt?kn=6&m=396643&r=MTYwNjMwNzA1NAS2&b=0&j=Nzc2MzQxMwS2&mt=1>
>>>
>>>
>>>* 
>>><http://sdm3.rm04.net/ctt?kn=5&m=396643&r=MTYwNjMwNzA1NAS2&b=0&j=Nzc2MzQxMwS2&mt=1>**
>>>To test your Web Application, download our complimentary 15-day product 
>>>trial that delivers a comprehensive vulnerability report.
>>>*
>>>
>>>
>>>WebInspect Enterprise Edition 5.5. delivers a complete enterprise 
>>>solution for addressing security throughout the application lifecycle.
>>>Learn More>>> 
>>><http://sdm3.rm04.net/ctt?kn=2&m=396643&r=MTYwNjMwNzA1NAS2&b=0&j=Nzc2MzQxMwS2&mt=1>
>>>
>>>*SPI Dynamics, Inc.
>>>*115 Perimeter Center Pl. NE.
>>>Suite 1100
>>>Atlanta GA 30346
>>>678.781.4800
>>>sales@spidynamics.com <mailto:sales@spidynamics.com>
>>>Toll-Free: 1.866.SPI.2700 (1.866.774.2700) www.spidynamics.com 
>>><http://www.spidynamics.com/>
>>>
>>>
>>>
>>>Please Remove Me From This Mailing 
>>><http://sdm3.rm04.net/ui/modules/display/optOut.jsp?&m=396643&r=MTYwNjMwNzA1NAS2&j=Nzc2MzQxMwS2&mt=1>
>>>
>>>
>>>
>>>
>>
>

_________________________________________________________________
Easily locate documents, email & more on your PC - get MSN Toolbar! 
http://toolbar.msn.ie



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Owasp-dotnet mailing list
Owasp-dotnet@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/owasp-dotnet
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic