Highest Rated Comments


qutwutwut3 karma

What's IBM's managed appscan platform, and how does pricing compare to HP's Fortify On Demand? Where is the platform hosted, and which country typically performs the issue validation?

qutwutwut3 karma

Does IBM have an infrastructure vulnerability scanning tool? If it's QRadar VMS, what is the underlying scan engine- is it Nessus or Proventia?

qutwutwut3 karma

What's the scanning engine underneath the hood- Nessus or Proventia?

qutwutwut2 karma

How do your app testing dev and services teams feel about the OWASP Application Security Verification Standard (Version 2)- https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#tab=Home

Do you think ASVSv2 provides a better way to guarantee the level or testing performed? Does AppScan scan to Level 1 by default if you supply it all user roles?

qutwutwut2 karma

Who performs the bulk of static app testing for your services teams- is it outsourced to India?