We use Retina for whole system scanning (http://www.eeye.com/solutions/business-need/web-application-protection) which also does XSS and SQL injection testing along with application/patch version checking (if configured with access via SSH). It takes a little bit to configure, but they do have training if you have the time/money. I would recommend as a very good tool - works in a heterogeneous network too (not just linux).
S On Wed, Mar 28, 2012 at 2:06 PM, Henrique de Miranda Gontijo <henri...@gontijo.org> wrote: > Hi guys, > > As far as automated scan tool for security and vulnerabilities in web apps, > have you used and suggest any alternatives for IBM AppScan? > > Cheers, > Henrique > "Tudo tem o seu tempo determinado, e há tempo para todo o propósito debaixo > do céu." Eclesiastes 3:1 > > -- > You received this message because you are subscribed to the Google Groups > "The Java Posse" group. > To post to this group, send email to javaposse@googlegroups.com. > To unsubscribe from this group, send email to > javaposse+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/javaposse?hl=en. -- my other quote is hilarious -- You received this message because you are subscribed to the Google Groups "The Java Posse" group. To post to this group, send email to javaposse@googlegroups.com. To unsubscribe from this group, send email to javaposse+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
