Educause Security Discussion mailing list archives
application vulnerability scanning solutions in use
From: "Shamblin, Quinn" <qrs () BU EDU>
Date: Tue, 23 Oct 2012 20:17:37 +0000
Hello All,

A few questions related to application vulnerability scanning and management:

* Do you have a program to ensure that applications are tested for vulnerabilities?
  o Is it embedded in the application QA or release process, or is scanning done once the app is in prod (or both)?
  o Who runs the tests? (Developers? QA? InfoSec personnel? Other?)
* What tool do you use for static code testing?
* What tool do you use for dynamic code testing?
  o Do you do credentialed scans or anonymous only?

This question was cross posted to educause and Ren-Isac. I will post some de-identified statistical results back to both lists.

Thanks all!

Quinn R Shamblin
------------------------------------------------------------------------------------------------
Executive Director of Information Security, Boston University
CISM, CISSP, GCFA, PMP - O 617-358-6310 M 617-999-7523