I've been using Seeker for a couple of months now, and I've been very happy with it. I'd definitely consider it a mature product. We've integrated it into our dev and QA environment, so basically our developers run seeker against their code as they're developing it and then we run it again as our QA people are running through our normal QA process. It's really pretty easy to use - way more so than things like AppScan and the like - and I've had it find things that AppScan didn't. Plus, I don't have to be the only one running the scans anymore because it's easy to use. I don't mean to sound like I'm gushing over some software, but it really is a unique product. I've never seen an IAST tool where all you have to do to test your application is use your application.
-Kevin
From: Avi Shvartz avishvartz1@yahoo.com
Date: 12 ביולי 2012 13:04:23 GMT+03:00
To: "websecurity@lists.webappsec.org" websecurity@lists.webappsec.org
Subject: [WEB SECURITY] IAST tools
Reply-To: Avi Shvartz avishvartz1@yahoo.com
Hi List,
I was wondering if anyone has experimenting using IAST (Interactive Application Security Testing) tools , especially SEEKER .
Any lessons made ?
Are there other tools around ?
Is it mature enough for prime time ?
Best,
Avi
This message, including any attachments, is confidential and/or proprietary to Dialogue Marketing® and its affiliated companies and should be read or retained only by the intended recipient. If you have received it in error, please notify the sender immediately and delete the original message.
I've been using Seeker for a couple of months now, and I've been very happy with it. I'd definitely consider it a mature product. We've integrated it into our dev and QA environment, so basically our developers run seeker against their code as they're developing it and then we run it again as our QA people are running through our normal QA process. It's really pretty easy to use - way more so than things like AppScan and the like - and I've had it find things that AppScan didn't. Plus, I don't have to be the only one running the scans anymore *because* it's easy to use. I don't mean to sound like I'm gushing over some software, but it really is a unique product. I've never seen an IAST tool where all you have to do to test your application is *use* your application.
-Kevin
From: Avi Shvartz <avishvartz1@yahoo.com>
Date: 12 ביולי 2012 13:04:23 GMT+03:00
To: "websecurity@lists.webappsec.org" <websecurity@lists.webappsec.org>
Subject: [WEB SECURITY] IAST tools
Reply-To: Avi Shvartz <avishvartz1@yahoo.com>
Hi List,
I was wondering if anyone has experimenting using IAST (Interactive Application Security Testing) tools , especially SEEKER .
Any lessons made ?
Are there other tools around ?
Is it mature enough for prime time ?
Best,
Avi
This message, including any attachments, is confidential and/or proprietary to Dialogue Marketing® and its affiliated companies and should be read or retained only by the intended recipient. If you have received it in error, please notify the sender immediately and delete the original message.
