Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
January 2003

Web application security scanners: How effective are they?

You're feeling pretty good about the security of your Internet-facing infrastructure. You've been diligent about vulnerability assessments and follow-up remediation to close the holes. Your last scan, using a commercial VA scanner or freeware, such as Nessus, revealed no known vulnerabilities. The only two IP addresses visible externally are your mail gateway and the load balancer for your Web servers. Then you start thinking about the corporate sales and procurement applications that reside behind ports 80 (HTTP) and 443 (SSL). VA scanners won't touch the possible security holes in these apps--and they almost surely have them. So, what to do? One course is to make use of a relatively new class of tools, Web application scanners, which are designed to find those holes. There are only a handful of products in this space. Information Security put two of them, Sanctum's AppScan and SPI Dynamics' WebInspect, through a demanding and broad series of tests to see if they perform as advertised. A third company, Kavado, which makes ...

Access this Pro+ Content for Free!

By submitting you agree to recieve email from TechTarget and its partners. If you reside outside of the United States you consent to having your personal data transferred and processed in the United States. Privacy Policy

Features in this issue

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close