
HP WebInspect Competitive Card

What Does HP WebInspect Do?
1. http://www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast/
2. Automated dynamic testing and static analysis tool for finding and prioritizing weaknesses.
3. Part of $8.8B Micro Focus – HPE Spin-off
4. Less focus on DAST – more focus on SAST

HP WebInspect Strengths
1. Magic Quadrant Leader (#1)
2. Large Enterprise Customers
3. DAST, SAST, IAST, RASP offerings
4. Flexible deployments in-house, managed service, or hybrid

Trap questions for Prospects
1. Why didn’t HPE keep their software business intact if it only required “a few tweaks to grow its profits”?
2. How does the spin-off of most of their software operations to Micro Focus affect relative future and the overall health of the Web Application Security space?

Pricing Thoughts
1. Named User - $29.5K
2. Concurrent User - $36.9K
3. Express - $15K (10 apps max)

Rapid7 Strengths
1. Ease of use
2. Higher percentage of Modern Application support
3. Interactive, “Live” Reports
4. Attack Replay built-in reports

Customer Stories
Please contact Rapid7 for customer reference info

IBM AppScan Competitive Card
What Does IBM AppScan Do?
1. http://www.ibm.com/software/products/en/appscan
2. DAST (WatchFire); SAST (OunceLabs); MSSP (ISS)
3. Touts self as leader in the ability to execute
4. Cognitive Security through Watson (via IBM QRadar)

IBM AppScan Strengths
1. IBM Global Services
2. Gartner MQ Leader (#3)
3. DAST & SAST offering
4. IBM AppScan “Glassbox” (IAST concept) for JAVA and .NET only

Trap questions for Prospects
1. With IBM having less focus on App Security Testing, why is AppScan used as a bargaining chip; many times given away at zero cost? IBM’s strength is QRadar and Rational
2. Is Mobile app and API scanning with DAST important? IBM only supports this w/SAST.
3. According to Gartner, which DAST solution has been replaced the most? IBM’s!

Pricing Thoughts
1. Standard (single user/single install) - $11K
2. Floating user - $8.9K
3. Perpetual - $12.5K
4. IBM offers an expensive DAST-as-a-Service as an add-on to other services

Rapid7 Strengths
1. More sophistication on Modern Applications (REACTJS, JSON, ANGULARJS, SPA)
2. Requires less upfront training and configuration of the scanner
3. Superior DAST solution
4. Checkmarx Partnership for SAST

Customer Stories
Please contact Rapid7 for customer reference info

Acunetix Competitive Card
What Does Acunetix Do?
1. http://www.acunetix.com/vulnerability-scanner
2. Acunetix Web Vulnerability Scanner (WVS) run on-premises
3. Acunetix Online Vulnerability (OVS) from its console in the cloud (built on AWS)
4. More traditional crawl & audit name/value pair analysis

Acunetix Strengths
1. A “good enough” solution
2. Scanning traditional apps and producing similar AS results
3. Approx 20% of install base utilizes Acunetix integrated IAST capability - AcuSensor
4. Now delivering Manual Pen Testing Tools (HTTP editor, fuzzer and sniffer tools) at no cost.

Trap questions for Prospects
1. Do you have a need to scan APIs because Acunetix makes this a very difficult task? It does a fair job at scanning SOAP (.wsdl) and some of REST (.wadl – who is using this?) but is unable to handle .JSON files.
2. Is price more important to your organization than the high rate of false positives?
3. Do you prefer an automated way or more of a manual way to test Swagger REST API?

Pricing Thoughts
1. Cheaper
2. Standard (2 concur) - $2.5K
3. Pro (5 concur) - $3.5K
4. Enterprise (10 concur/3 user) - $7K

Rapid7 Strengths
1. Enterprise deployments - Acunetix doesn’t really have an Enterprise offering
2. Complex Apps – at times Acunetix struggles crawling Modern apps

Competitive Stories
Please contact Rapid7 for further competitive info

Whitehat Competitive Card
What Does Whitehat Do?
1. Provider of DAST-as-a-Service
2. SAST-as-a-Service using an on-premise appliance to keep scanning local
3. Services-based Only delivery model
4. No On-Premise solution

Whitehat Strengths
1. SAST and DAST services are scalable
2. Broad WAF integration
3. Live chat with security engineer
4. Heavy on the Consultative, light on the Technology – not sure if this is a strength.
5. 2FA as part of MSSP

Trap questions for Prospects
1. Does Whitehat have cost effective DAST services for lower end of market?
2. Why was Whitehat ranked near the bottom in services and support capabilities?
3. Does Whitehat offer a path to an on-premise solution?
4. What is the turn-around time for both Automated Scanning and Manual analysis and verification after you have provided URLs? 3-5 days for Rapid7

Pricing Thoughts
1. Costly expense offerings – increasing YOY offerings
2. Single app - $24K/yr
3. WhiteHat Security allows the customers to modify some 10% of their apps per quarter.

Rapid7 Strengths
1. Strong service and support capabilities
2. Universal Translator provides coverage across new and complex web apps
3. Ease of use
4. Interactive Reporting
5. Superior Product technology

Customer Stories
Please contact Rapid7 for customer reference info
