Comments on Jeremiah Grossman: Rolling Reviews: N-Stalker

Rick (kingthorin), 2007-09-17 12:20 -07:00

I had a quick look at their Evaluation product a month or two back and they really need(ed) to hire a User Interface Specialist.

I only got to run it against a VERY small web app but it returned all kinds of false positives. It didn't even correctly fingerprint the server (the server still had banners enabled).

Anonymous, 2007-09-13 18:47 -07:00

N-Stalker didn't actually do ANY fault injection testing last time I looked.

SandCat did, and had some potential. I loved the log analyzer built in too. Why didn't more of the desktop scanners do this? Neat feature, cheap to build, useful for trending analysis and forensics.

Jeremiah Grossman, 2007-09-07 09:29 -07:00

Good to know, thanks Bob.

Bob Rich, 2007-09-06 13:08 -07:00

The one redeeming value of N-Stalker is its very broad database of known issues.
It is really quite bad about dealing with false positives, and if you have a site that responds with friendly file not found errors (including HTTP 200 OK responses), it's next to worthless. But for standard sites that happen to be running some obscure application that has a vulnerability, N-Stalker (and its estranged sister Syhunt SandCat) are better than any other commercial app I've used at finding them.

Anonymous, 2007-09-05 06:43 -07:00

Funny, I tried N-Stalker last week. It did find more than Acunetix, but I got way too many false positives, about 500+, which were very annoying. I only tested the free edition.

Cheers,

Ronald
0x000000.com