[WEB SECURITY] IAST tools

Kevin O'Connor koconnor at dialogue-marketing.com
Thu Jul 12 11:45:39 EDT 2012


I've been using Seeker for a couple of months now, and I've been very happy with it.  I'd definitely consider it a mature product.   We've integrated it into our dev and QA environment, so basically our developers run seeker against their code as they're developing it and then we run it again as our QA people are running through our normal QA process.    It's really pretty easy to use - way more so than things like AppScan and the like - and I've had it find things that AppScan didn't.  Plus, I don't have to be the only one running the scans anymore *because* it's easy to use.   I don't mean to sound like I'm gushing over some software, but it really is a unique product.  I've never seen an IAST tool where all you have to do to test your application is *use* your application.

-Kevin

From: Avi Shvartz <avishvartz1 at yahoo.com>
Date: 12 ביולי 2012 13:04:23 GMT+03:00
To: "websecurity at lists.webappsec.org" <websecurity at lists.webappsec.org>
Subject: [WEB SECURITY] IAST tools
Reply-To: Avi Shvartz <avishvartz1 at yahoo.com>
Hi List,

I was wondering if anyone has experimenting using IAST (Interactive Application Security Testing) tools , especially SEEKER .
Any lessons made ?
Are there other tools around ?
Is it mature enough for prime time ?

Best,
Avi


This message, including any attachments, is confidential and/or proprietary to Dialogue Marketing® and its affiliated companies and should be read or retained only by the intended recipient. If you have received it in error, please notify the sender immediately and delete the original message.




More information about the websecurity mailing list