WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: RE: Re; Comparison report on web app security scanners

From: "Martin O'Neal" <martin.oneal () corsaire com>
Date: Mon, 15 May 2006 11:18:36 +0100


I agree with your comments, especially on the 
part that scanners can hardly find design flaw.


This is a general problem with all the rule-based automated tools (both
infrastructure & app), and is more of a result of the gulf between what
the sales & marketing people would like them to do (bad dog!), and what
is really possible with an automated tool.  

Automated tools are essential for making the assessment process
achievable in a reasonable period of time, and are an important part of
the process, however (and it is a big however) they should never be seen
as being "the process" in themselves.

The obvious pieces that you don't get from all automated tools that I
have seen are context and experience.  These are the bits that are
supplied by the knowledgeable wetware that should be driving the tools.

Martin...




----------------------------------------------------------------------
CONFIDENTIALITY:  This e-mail and any files transmitted with it are
confidential and intended solely for the use of the recipient(s) only.
Any review, retransmission, dissemination or other use of, or taking
any action in reliance upon this information by persons or entities
other than the intended recipient(s) is prohibited.  If you have
received this e-mail in error please notify the sender immediately
and destroy the material whether stored on a computer or otherwise.
----------------------------------------------------------------------
DISCLAIMER:  Any views or opinions presented within this e-mail are
solely those of the author and do not necessarily represent those
of Corsaire Limited, unless otherwise specifically stated.
----------------------------------------------------------------------
Corsaire Limited, 3 Tannery House, Tannery Lane, Send, Surrey, GU23 7EF
Telephone: +44(0)1483-226000  Email:info () corsaire com


-------------------------------------------------------------------------
Sponsored by: Watchfire

Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web
application security assessments should be considered a crucial phase in
the development of any web application. What methodology should be
followed? What tools can accelerate the assessment process?
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: