WebAppSec Product Review - Paros Pro
Vendor: MileScan
Application: Paros Pro Desktop Version 1.9.12
Price Paid: Under $1500
Date of Purchase: August 15, 2011
Date of Review: January 25, 2012
Coverage: Caveat Emptor, Caveat Venditor
“ParosPro is a web security tool that allows companies and IT Professionals to assess the security of their web applications. The ParosPro provides a feature rich environment that allows companies to perform assessments based on plug-ins designed to target various security vulnerabilities. Plug-ins can be updated via the update manager that is included with the ParosPro to ensure that your ParosPro is always up to date with the latest threats.”
A Buyer's Perspective
Paros Pro - Desktop Version 1.9.12 was licensed in August 2011 after reading various reviews on SecTools and here. Doubting the results, we benchmarked the tool based on over 50 CVEs.
Testbed -> W2k8R2/64bit VM loaded with Paros Pro Desktop 1.9.12 configured to point and shoot at vulnerable versions of Plesk CPanel for Windows V10.4.x.
On August 25, 2011, 10 days after purchase, we assembled our standard “Lack of Coverage” (LoC) e-mail detailing points at which the tool failed to fingerprint documented Unforgivable Vulnerabilities, asking for a Vendor response.
On December 9, 2011, we again wrote to MileScan, failing to have received a response after more than 3 months, questioning if MileScan still existed.
On December 12, 2011, we received a response from Sally Cheung of MileScan, apologizing for the delay, writing that “we are rewriting the core part of our software, it may take longer than expected to address the findings you raised.”
On December 28, 2012, MileScan released a subsequent upgrade for Paros Pro Desktop Edition Version 1.9.5.