SC Magazine Names Best Buy Winner for Application Vulnerability Assessment Tool
On April 21, SC Magazine named its Best Buy winner among application vulnerability assessment tool vendors. The independent review looked at 7 vendors and gave an overall star rating as well as a summary of their positive and negative attributes. See the table below for an overview of the report.
As you can see, the Best Buy award went to Cenzic’s Hailstorm Enterprise ARC 5.5. The product had no negative attributes associated with it.
| Vendor | SC Mag Positive Review | SC Mag Negative Review |
| --- | --- | --- |
| Application Security, Inc’s DbProtect 2007 | Flexible configuration options. Impressive enterprise-class integration with other DbProtect components. | May preclude some who have web application needs. |
| Cenzic Hailstorm Enterprise ARC 5.5 | Integration with VMware is a unique and useful feature. | None that we found. |
| Fortify Source Code Analysis Suite 4.5 | Powerful analysis of source code. Solid documentation with an emphasis on workflow and secure coding best practices. | The various components have a disparate look and feel. Non-coders should steer clear from code analysis tasks from a usability perspective. |
| HP Webinspect 7.7 | Powerful scanning engine. Robust set of features that continue to evolve. | Higher price for not having true enterprise capabilities out of the box. |
| IBM’s Rational AppScan 7.7 | Powerful scanning engine. Robust set of options. Excellent documentation. | True enterprise management, requires the purchase of additional AppScan products. |
| iSEC Partners Security QA Toolbar | Small footprint and low administrative overhead for QA teams who need to validate the most common application vulnerabilities. | Very high price for a browser-based toolbar. Lack of documentation and support. |
| Ounce Labs 5.0 | Good performance with many useful features. Very detailed technical results. | The Security Analyst user interface can feel overcrowded at times depending on which perspective you are using to view the information. |