Comments on Writings on the wall: WebApp Security Test tool - IBM Rational AppScan

Christopher M. Ensey (2008-08-15T23:07:00.000+08:00):
Great point about the feature claims. Good luck with your POC!

Sidney (2008-08-15T09:44:00.000+08:00):
Chris, Thanks for the comments. Weird that the IBM consultant that came down to present the solution to us did not mention the code analyzer. Maybe the news hasn't been pushed to this part of the world yet.

As for your second comment, I will certainly make a note of it during the POC stage. You have certainly reinforced my point on putting the products through a real world test in order to differentiate them. It's not about how many features a product (claims to) have but how well they are implemented!

Christopher M. Ensey (2008-08-15T07:42:00.000+08:00):
... also I would say it's worth mentioning that AppScan owns the IP for the scan engine that HP licenses for its product. If you look at the way WebInspect utilizes the engine the results are more prone to false positives and extraneous messages that will not assist in the security assessment process. The real richness of the two products comes down to speed of scanning and the quality of remediation information.

Christopher M. Ensey (2008-08-15T07:37:00.000+08:00):
You might want to look at Rational software analyzer for the code scan part. We have a full integration with it in the Sept 08 release of AppScan Developers Edition which works as part of an Eclipse or RAD plugin with all the same security and code quality testing features of both products.