Automated Scanner vs. The OWASP Top Ten
Jeremiah Grossman (WhiteHat Security, Inc.) has written an interesting article on automated vulnerability scanners and the limitations of these tools in finding real-life web application vulnerabilities.
The challenges of automated web application vulnerability scanning are a subject of frequent debate. Specifically because most websites have vulnerabilities (a lot of them) and we need help finding them quickly. The point of contention revolves around what scanners are able to find, or not. Using the OWASP Top Ten as a foundation, I published a white paper describing in detail how scanners approach certain complex situations. There is some marketing-fu within the pages, but the majority of it is content rich. Enjoy!
"Automated Scanner vs. The OWASP Top Ten": http://www.whitehatsec.com/home/assets/OWASPTop10ScannersF.pdf
This entry was posted on Wednesday, January 10th, 2007 and is filed under Penetration Testing, Web Applications, Articles.

