Security Scanning Info

SANS Survey on Application Security Programs and Practices

by Jim Bird and Frank Kim

It appears that enterprise awareness of application security issues has become fairly standard. This survey addresses the state of application security and the major hurdles to implementing an effective program.

Appsec Testing for NT OBJECTives Also Includes Speaking Fluent WAF

by Wendy Nather

“Virtual patching” can be both easy and hard to do, but NT OBJECTives aims to build a tighter bridge between application security testing results and their mitigation.

Link Web Application Firewalls to Dynamic Application Security Testing Tools

by Neil MacDonald

Why can’t the web application security testing tool simply exchange knowledge of the vulnerability with the firewall in a standardized way?

Are Web Application Security Testing Tools a Waste of Time and Money?

by Neil MacDonald

A tool cannot solve what is fundamentally a process problem. A tool can help us scale the process, make testing more efficient, and make it repeatable, but we must address the process problem first.

The Market for Dynamic Application Security Testing is Anything but Static

by Neil MacDonald

DAST solutions must evolve, and have evolved, well beyond the security testing of back-end web applications. To dynamically test the next generation of applications, new DAST capabilities are required, and not all vendors support them equally.

Accuracy and Time Costs of Web Application Security Scanners

by Larry Suto

In an attempt to objectively test and quantify the effectiveness of web application vulnerability assessment tools, Larry Suto researched the accuracy and the time needed to run, review, and supplement the results of the following web application scanners: Acunetix, AppScan by IBM, Burp Suite Pro, Hailstorm by Cenzic, WebInspect by HP, and NTOSpider by NT OBJECTives, as well as the Qualys managed scanning service.

Analyzing the Effectiveness of Web Application Firewalls

by Larry Suto

This study evaluated the effectiveness of Web Application Firewalls (WAFs) and Intrusion Prevention System (IPS) devices at protecting web applications against external attacks, comparing them with each other. In addition, the study provides general guidelines about ease of use and the factors affecting the effectiveness of web application protection solutions.