Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RE: Re; Comparison report on web app security scanners

from [Martin O'Neal] Network Security [Permanent Link]
Subject: RE: RE: Re; Comparison report on web app security scanners
Date: Mon, 15 May 2006 11:18:36 +0100 


I agree with your comments, especially on the 
part that scanners can hardly find design flaw.


This is a general problem with all the rule-based automated tools (both
infrastructure & app), and is more of a result of the gulf between what
the sales & marketing people would like them to do (bad dog!), and what
is really possible with an automated tool.  

Automated tools are essential for making the assessment process
achievable in a reasonable period of time, and are an important part of
the process, however (and it is a big however) they should never be seen
as being "the process" in themselves.

The obvious pieces that you don't get from all automated tools that I
have seen are context and experience.  These are the bits that are
supplied by the knowledgeable wetware that should be driving the tools.

Martin...




----------------------------------------------------------------------
CONFIDENTIALITY:  This e-mail and any files transmitted with it are
confidential and intended solely for the use of the recipient(s) only.
Any review, retransmission, dissemination or other use of, or taking
any action in reliance upon this information by persons or entities
other than the intended recipient(s) is prohibited.  If you have
received this e-mail in error please notify the sender immediately
and destroy the material whether stored on a computer or otherwise.
----------------------------------------------------------------------
DISCLAIMER:  Any views or opinions presented within this e-mail are
solely those of the author and do not necessarily represent those
of Corsaire Limited, unless otherwise specifically stated.
----------------------------------------------------------------------
Corsaire Limited, 3 Tannery House, Tannery Lane, Send, Surrey, GU23 7EF
Telephone: +44(0)1483-226000  Email:info@corsaire.com


-------------------------------------------------------------------------
Sponsored by: Watchfire

Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web 
application security assessments should be considered a crucial phase in 
the development of any web application. What methodology should be 
followed? What tools can accelerate the assessment process? 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RE: Re; Comparison report on web app security scanners, ma . huijuan
Next by Date:  MYSQL and PHP, John Madden
Previous by Thread:  Re: RE: Re; Comparison report on web app security scanners, ma . huijuan
Next by Thread:  MYSQL and PHP, John Madden
Indexes:  [Date] [Thread] [Top] [All Lists]