WebApp Sec mailing list archives
RE: RE: Re; Comparison report on web app security scanners
From: "Martin O'Neal" <martin.oneal () corsaire com>
Date: Mon, 15 May 2006 11:18:36 +0100
I agree with your comments, especially on the part that scanners can hardly find design flaw.
This is a general problem with all the rule-based automated tools (both infrastructure & app), and is more of a result of the gulf between what the sales & marketing people would like them to do (bad dog!), and what is really possible with an automated tool. Automated tools are essential for making the assessment process achievable in a reasonable period of time, and are an important part of the process, however (and it is a big however) they should never be seen as being "the process" in themselves. The obvious pieces that you don't get from all automated tools that I have seen are context and experience. These are the bits that are supplied by the knowledgeable wetware that should be driving the tools. Martin... ---------------------------------------------------------------------- CONFIDENTIALITY: This e-mail and any files transmitted with it are confidential and intended solely for the use of the recipient(s) only. Any review, retransmission, dissemination or other use of, or taking any action in reliance upon this information by persons or entities other than the intended recipient(s) is prohibited. If you have received this e-mail in error please notify the sender immediately and destroy the material whether stored on a computer or otherwise. ---------------------------------------------------------------------- DISCLAIMER: Any views or opinions presented within this e-mail are solely those of the author and do not necessarily represent those of Corsaire Limited, unless otherwise specifically stated. ---------------------------------------------------------------------- Corsaire Limited, 3 Tannery House, Tannery Lane, Send, Surrey, GU23 7EF Telephone: +44(0)1483-226000 Email:info () corsaire com ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h --------------------------------------------------------------------------
Current thread:
- Re; Comparison report on web app security scanners jack.jonburg (May 12)
- <Possible follow-ups>
- RE: Re; Comparison report on web app security scanners Holger.Peine (May 15)
- Re: RE: Re; Comparison report on web app security scanners ma . huijuan (May 15)
- RE: RE: Re; Comparison report on web app security scanners Martin O'Neal (May 15)