Review: AppScan 7.5

For: Easy on administrators and contains a solid user interface.
Against: One false positive detected
Verdict: Easy to install and easy to use, this product works well for overburdened IT staffs.

This is no longer the case. The utility is a slick native Win32 application, which is easy to install and navigate. The interface is broken into three panes and it is easy to navigate between the panes and to understand what each pane is used for.

The utility, on access, checks for updates from the Watchfire server and the installation of updates requires only a click on a "next" button to get the updates installed.

The tool performs the assessment in two phases. The first phase crawls the website looking for the number of pages which can be discovered. The next phase tests the discovered phases for vulnerabilities. The number of vulnerability checks is massive (22,183 as of this writing) and this leads to a complete, but also a lengthy, test.

The test clocked in at a little over 90 minutes to run against the PHP-based website with 156 URLs discovered. The test did report one false positive, a SQL injection vulnerability, which was fooled by the custom error pages used by the website.

The site does not run SQL, so the vulnerability reported was a false positive. The AppScan utility includes a feature to send false positive results back to Watchfire for remediation in future updates of the product.

The installation of AppScan was as easy as can be expected. The need to click on "next" a few times was all that was necessary to complete the install. Anyone with a minimum level of knowledge should be able to install the product.

Other documentation is included electronically in the form of PDF files. The documentation is easy to follow and the layout is logical and not necessary for most administrators.

Watchfire’s customer support team is accessible online via the customer support portal, via email, as well as through phone-based services. Watchfire’s technical support features unlimited technical incidents.

The pricing for the AppScan offering, which starts at US$14,400, was in the middle of the price spectrum. The cost is justified since the offering includes many useful features for users, as well as the inclusion of maintenance.

applicationassessmentsecuritytestingvulnerability