iSEC Partners Security QA Toolbar
Strengths: Small footprint and low administrative overhead for QA teams who need to validate the most common application vulnerabilities.
Weaknesses: Very high price for a browser-based toolbar. Lack of documentation and support.
Verdict: QA teams who are looking for a specific subset of testing features in a lightweight product may find the niche functionality of the toolbar worth a look.
Summary: iSEC Partners Security QA Toolbar is a browser-based add-in for Internet Explorer, used to perform web application vulnerability testing directly within the browser environment. Direct integration as a toolbar is designed to assist quality assurance personnel with web application testing.
Installation of the toolbar is straightforward and quick. On restart of the browser, the toolbar appears with several interactive buttons that launch a handful of common web application vulnerability tests. All tasks, from licensing to running reports, are handled directly within the toolbar itself.
We experienced some intermittent problems using the Security QA Toolbar during a few of the tests. Also, the update feature was not working for version 2.0 at the time of testing. Despite the hurdles, it did successfully identify several common and critical web application vulnerabilities and produced detailed findings, including some nice graphs.
Unfortunately, we were not able to research or identify what may have caused our testing issues since documentation for the Security QA Toolbar is non-existent. Some information is available within the reporting feature, including descriptions of the vulnerabilities, but the Toolbar does not come with any installation, use or configuration documentation.
From a support perspective, the Toolbar component is straightforward and should be easy to understand for most testers. Although the iSEC Partners website does not have a dedicated support link, and the only phone number listed for the organization is the general information number, they do ensure that support is offered with the purchase of the QA Toolbar.
Pricing for the Security QA Toolbar starts at $1,500 per seat for unlimited scanning. 10 licenses: $12,000. 20 licenses: $22,500. Site license: $55,000/yr for unlimited seats and scanning. We found the overall pricing to be very steep given the lack of documentation and support.