Product Information

WebInspect

starstarstarstar

June 01, 2004
SC Magazine Recommended
Website:

http://www.spidynamics.com

Price

Developer versions from $795 per seat, other versions from $4,000

RATING BREAKDOWN

  • Features:
    starstarstarstarstar
  • Ease of Use:
    starstarstarstarstar
  • Performance:
    starstarstarstarstar
  • Documentation:
    starstarstarstar
  • Support:
    starstarstarstarstar
  • Value for Money:
    starstarstar
  • Overall Rating:
    starstarstarstar

QUICK READ

  • Strengths:

    Ease of use, depth of scanning.

  • Weaknesses:

    Very little.

  • Verdict:

    A powerful tool for evaluating websites and web-based applications and services.

T he depth in which websites and web services are assessed by WebInspect and its clarity of vulnerability descriptions and suggested fixes is impressive. This is a great tool for those responsible for enterprise-level websites and web services.

WebInspect manages to be powerful and useful while remaining intuitive and easy to use. This is important as busy administrators want things up and running fast, but also want custom configuration as they become more experienced.

Users will benefit from the built-in policy templates and powerful scanning while they learn how to best shape the tool to their own requirements. It starts with the Scan Wizard, which allows you to choose between a web assessment (as in website URL), enterprise assessment (via a range of IP addresses), or web service assessment (via assessment of the WSDL file).

Next you may choose a comprehensive scan to map out a sites tree structure for later analysis or a step mode approach which follows you as you manually navigate the site.

An intuitive GUI shows vulnerabilities as they are discovered (in summary terms). It also provides an in-depth appraisal of each instance via the Information Pane, where there is a detailed description of the vulnerability in question with a recommended fix. The depth of this information varies according to the vulnerability found but it is often extensive. You can view the http request and response, details of methods used, and more.

The database of vulnerabilities is kept current via the Smart Update feature, and there is a Policy Manager where policies may be edited or created from scratch and agents can be created. You can also intuitively create virtually any report you can think of with a few mouse clicks. The reports are attractively formatted and easy to read.

WebInspect is well considered. Everything is where you expect it to be and everything works.

Reviews For This Vendor

SC Webcasts UK

Sign up to our newsletters

FOLLOW US