7MS #247: Webapp Pentest Tool Bake-Off - Part 4
Today's battle for a Webapp pentest tool bake-off winner ends today with a brief look at...
Qualys
-
I like that it has a suite of vuln-scanning tools somewhat in the vein of Rapid 7's family of products
-
The Webapp scanner seems very functional, but interface is kind of cluttered and a little intimidating for newbs.
-
I love their SSL Labs tool!
-
The LAN-side version of their Webapp scanner is a downloadable VM rather than a package you can just install on a workstation machine.
-
Pricing seems average-to-low in comparison with the other tools I evaluated (Appspider/Netsparker/Acunetix).
-
I don't really like the idea of partnering with a company that offers a Webapp scanning tool in a mix of other tools because I question what the support/service chain will be like and how quickly my issues will be attention. Netsparker, in contrast, only makes Netsparker, which I like.