Watchfire AppScan is a software-based offering, which runs from the Windows platform. You may remember earlier versions of AppScan that required a Linux-based server and were configured and run through a web browser. This is no longer the case. The utility is a slick native Win32 application, which is easy to install and navigate. The interface is broken into three panes and it is easy to navigate between the panes and to understand what each pane is used for. The utility, on access, checks for updates from the Watchfire server and the installation of updates requires only a click on a "next" button to get the updates installed.
The tool performs the assessment in two phases. The first phase crawls the website to discover as many pages as it can. The next phase tests the discovered pages for vulnerabilities. The number of vulnerability checks is massive (22,183 as of this writing) and this leads to a complete, but also a lengthy, test. The test clocked in at a little over 90 minutes to run against the PHP-based website with 156 URLs discovered. The test did report one false positive, a SQL injection vulnerability; the check was fooled by the custom error pages used by the website. The site does not run SQL, so the vulnerability reported was a false positive. The AppScan utility includes a feature to send false positive results back to Watchfire for remediation in future updates of the product.
The installation of AppScan was as easy as can be expected. Clicking "next" a few times was all that was necessary to complete the install. Anyone with a minimum level of knowledge should be able to install the product.
Other documentation is included electronically in the form of PDF files. The documentation is easy to follow and logically laid out, though most administrators will not need it.
Watchfire’s customer support team is accessible online via the customer support portal, via email, as well as through phone-based services. Watchfire’s technical support features unlimited technical incidents.
The pricing for the AppScan offering, which starts at $14,400, was in the middle of the price spectrum. The cost is justified since the offering includes many useful features for users, as well as maintenance.