Open achave11-ucsc opened 3 months ago
Assignee to provide description and consider next steps.
Dockstore is taking the lead on this. Assignee to coordinate meeting with Dockstore team so we can learn which product they picked and how it worked out for them.
Comparison

| Product | Cost | Deployment | Scanning and reporting | Authenticated scans | Notes |
|---|---|---|---|---|---|
| Burp Suite Dastardly | Free to use | Integrates with CI/CD | Outputs in JUnit XML | Doesn’t support authenticated scans | Max run length of 10 minutes |
| Burp Suite Community Edition | Free to use | Standalone application | Manual scanning; HTML/XML reporting | Doesn’t support authenticated scans | |
| Burp Suite Professional | $449 / year | Standalone application | Automated and manual scanning tooling; HTML/XML reporting | Supports authenticated scans | |
| Burp Suite Enterprise | Pricing by inquiry (inquired Sep 8) | SaaS application, web dashboard | Automatically crawls multiple sites; HTML/XML reporting | | |
| Tenable Nessus Expert | $5990 / year (Nessus Pro does not do WAS) | SaaS application | | | Additionally configurable to scan cloud infrastructure |
| Tenable Web Application Scanning | $5250 / year | | | | Licensed for 5 FQDNs (we need 2 or 3? AnVIL explorer, HCA, Dockstore) |
| Zed Attack Proxy (ZAP) | Free (open source) | Standalone or CI/CD integrated | Manual and automated scanning; scriptable | Authenticated scans (https://www.zaproxy.org/docs/desktop/start/features/sessionmanagement/#sbsm) | |
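Two of the options above (Dastardly, ZAP) are meant to run inside CI/CD, and Dastardly reports in JUnit XML. Whichever scanner is picked, the pipeline still needs a step that reads the report and decides whether the build passes. The script below is an added example written for this issue, not code from any of the vendors or from the Dockstore team: it parses a JUnit XML report using only the generic JUnit element names (`testsuite`, `testcase`, `failure`, `error`), lists the remaining findings, and returns a non-zero exit status unless every finding is on an allowlist of accepted, tracked names. The sample report is constructed for illustration and does not reproduce any scanner's actual output.

```python
"""CI gate for a JUnit XML scanner report (illustrative example, not vendor code)."""
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    suite: str     # testsuite name, typically the scanned site
    name: str      # testcase name, typically the check that flagged
    kind: str      # "failure" (check failed) or "error" (check could not run)
    message: str


def parse_junit(xml_text: str) -> list[Finding]:
    """Return every failed or errored testcase in a JUnit XML document.

    Accepts either a <testsuites> root or a bare <testsuite> root; Element.iter
    includes the root itself, so one traversal covers both layouts.
    """
    root = ET.fromstring(xml_text)
    findings: list[Finding] = []
    for suite in root.iter("testsuite"):
        for case in suite.findall("testcase"):
            for kind in ("failure", "error"):
                for node in case.findall(kind):
                    message = node.get("message") or (node.text or "")
                    findings.append(Finding(suite.get("name", ""),
                                            case.get("name", ""),
                                            kind, message.strip()))
    return findings


def gate(findings: list[Finding], allowlist: frozenset[str] = frozenset()) -> int:
    """Return the exit status for the CI step: 0 only if nothing unexpected remains.

    Errors (checks that could not run) are never allowlisted: a scan that did not
    complete should not be treated as a clean scan.
    """
    blocking = [f for f in findings if f.kind == "error" or f.name not in allowlist]
    for f in blocking:
        print(f"[{f.kind}] {f.suite}: {f.name} - {f.message}", file=sys.stderr)
    return 1 if blocking else 0


# Constructed sample report; the site and check names are made up.
SAMPLE_REPORT = """<testsuites>
  <testsuite name="https://app.example.org" tests="3" failures="2" errors="0">
    <testcase name="Strict-Transport-Security header missing" classname="headers">
      <failure message="Response from / lacks an HSTS header"/>
    </testcase>
    <testcase name="Content-Security-Policy present" classname="headers"/>
    <testcase name="Cookie without Secure flag" classname="cookies">
      <failure>session cookie set over HTTPS without the Secure attribute</failure>
    </testcase>
  </testsuite>
</testsuites>
"""

# Findings already triaged and tracked elsewhere; they do not block the build.
ACCEPTED = frozenset({"Cookie without Secure flag"})


if __name__ == "__main__":
    report = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(parse_junit(report), ACCEPTED))
```

Run it as `python gate.py report.xml` after the scan step; with no argument it evaluates the constructed sample, where the HSTS finding is not accepted and so the exit status is 1. Keep the allowlist in the repository next to the pipeline definition so that accepting a finding is a reviewed change rather than a silent one.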
David ran a web app scanner (OWASP ZAP) against data.humancellatlas.org. The goal was to test the authenticated scan capability and also to compare the scan output with Invicti.
ITS will cease to support us with vulnerability scanning so we need to come up with a replacement.