Web App Scanners Miss Half of Vulnerabilities - Romanian Security Team

begood · 02-06-2010, 10:20 PM

seek3r sends news of a recent test of six web application security scanning products, in which the scanners missed an average of 49% of the vulnerabilities known to be on the test sites. [Doar userii inregistrati pot vedea linkurile. ]. The irony is that the test pitted eah scanner against the public test files of all the scanners. This reader adds, "Is it any wonder that being PCI compliant is meaningless from a security point of view? You can perform a Web app scan, check the box on your PCI audit, and still have the security posture of swiss cheese on your Web app!"

"NTOSpider found over twice as many vulnerabilities as the average competitor having a 94% accuracy rating, with Hailstorm having the second best rating of 62%, but only after extensive training by an expert. Appscan had the second best 'Point and Shoot' rating of 55% and the rest averaged 39%."

begood · 02-07-2010, 08:17 AM

am i missing something ? trebuie sa discuti cu ei prin mail pentru a pune mana pe o versiune de NTOSpider ?

jiji · 02-07-2010, 08:56 AM

f interesant pdf-ul..nici pe torente nu se gaseste nto( For an eval of the software and pricing, please email [Doar userii inregistrati pot vedea linkurile. ]).

Krisler12 · 02-07-2010, 10:52 AM

dar celelalte (in afara de acunetix) ? le are careva ? please share !

Pe ce torrente cautati voi de le-ati gasit macar pe restu ca eu am cautat pe isohunt si nimic...? Ce siteuri de torrent stiti ? (Dar de aste bune nu porcarii romanesti care se chinuiesc sa imite strainii !).

Multumesc anticipat !

pyth0n3 · 02-09-2010, 08:10 PM

Quote:

Originally Posted by Krisler12

dar celelalte (in afara de acunetix) ? le are careva ? please share !

Pe ce torrente cautati voi de le-ati gasit macar pe restu ca eu am cautat pe isohunt si nimic...? Ce siteuri de torrent stiti ? (Dar de aste bune nu porcarii romanesti care se chinuiesc sa imite strainii !).

Multumesc anticipat !

AppScan [Doar userii inregistrati pot vedea linkurile. ]
Not tested !

02-06-2010, 10:20 PM	#1 (permalink)
begood Moderator Cultul betivilor Join Date: Jun 2008 Posts: 1,413 Rep Power: 3	Web App Scanners Miss Half of Vulnerabilities hotel regim hotelier hotel yahoo domain seek3r sends news of a recent test of six web application security scanning products, in which the scanners missed an average of 49% of the vulnerabilities known to be on the test sites. [Doar userii inregistrati pot vedea linkurile. ]. The irony is that the test pitted eah scanner against the public test files of all the scanners. This reader adds, "Is it any wonder that being PCI compliant is meaningless from a security point of view? You can perform a Web app scan, check the box on your PCI audit, and still have the security posture of swiss cheese on your Web app!" "NTOSpider found over twice as many vulnerabilities as the average competitor having a 94% accuracy rating, with Hailstorm having the second best rating of 62%, but only after extensive training by an expert. Appscan had the second best 'Point and Shoot' rating of 55% and the rest averaged 39%."

02-07-2010, 10:52 AM	#4 (permalink)
Krisler12 Registered user Bautor de gin Join Date: Jan 2010 Posts: 191 Rep Power: 1	dar celelalte (in afara de acunetix) ? le are careva ? please share ! Pe ce torrente cautati voi de le-ati gasit macar pe restu ca eu am cautat pe isohunt si nimic...? Ce siteuri de torrent stiti ? (Dar de aste bune nu porcarii romanesti care se chinuiesc sa imite strainii !). Multumesc anticipat !

Last edited by Krisler12; 02-07-2010 at 11:15 AM.

02-07-2010, 08:17 AM	#2 (permalink)
begood Moderator Cultul betivilor Join Date: Jun 2008 Posts: 1,413 Rep Power: 3	am i missing something ? trebuie sa discuti cu ei prin mail pentru a pune mana pe o versiune de NTOSpider ?

02-07-2010, 08:56 AM	#3 (permalink)
jiji Registered user Bautor de ceai Join Date: Dec 2009 Posts: 23 Rep Power: 0	f interesant pdf-ul..nici pe torente nu se gaseste nto( For an eval of the software and pricing, please email [Doar userii inregistrati pot vedea linkurile. ]).