WebApp Sec mailing list archives

Re: Environment for testing WebApp Security Scanners


From: mikeiscool <michaelslists () gmail com>
Date: Thu, 10 Aug 2006 08:19:57 +1000

On 8/9/06, c0redump () ackers org uk <c0redump () ackers org uk> wrote:
> Nice idea, but no tool can substitute for a little common sense and manual
> know-how.  The way cookies like this would be implemented would vary
> greatly, therefore any security scanner would still rely on signatures -
> back to the problem at hand again.  If it doesn't have the signature/rule it
> isn't going to pick it up.
>
> Therefore, any web application tool out there, when used, should *always* be
> followed up by a manual test.

I don't think anyone would disagree with that.


> Just my two pence.
>
> Tom Neaves

-- mic
