Web App Scanners Miss Half of Vulnerabilities - Slashdot

Slashdot

Web App Scanners Miss Half of Vulnerabilities 68

Posted by kdawson on Saturday February 06 2010, @04:57PM
from the hey-we-caught-half-too dept.

seek3r sends news of a recent test of six web application security scanning products, in which the scanners missed an average of 49% of the vulnerabilities known to be on the test sites. Here is a PDF of the report. The irony is that the test pitted each scanner against the public test files of all the scanners. This reader adds, "Is it any wonder that being PCI compliant is meaningless from a security point of view? You can perform a Web app scan, check the box on your PCI audit, and still have the security posture of Swiss cheese on your Web app!" "NTOSpider found over twice as many vulnerabilities as the average competitor having a 94% accuracy rating, with Hailstorm having the second best rating of 62%, but only after extensive training by an expert. Appscan had the second best 'Point and Shoot' rating of 55% and the rest averaged 39%."

This discussion has been archived. No new comments can be posted.

Web App Scanners Miss Half of Vulnerabilities

Search 68 Comments Log In/Create an Account

Comments Filter:

Re:Every system is different (Score:3, Funny)

by truthsearch (249536) writes: on Saturday February 06 2010, @05:13PM (#31047924) Homepage Journal

When I first quickly ran through the summary I read that as "I pity the scanner". After re-reading the summary it seems appropriate.

Parent Share
twitter facebook
Re:Whitehat Security (Score:5, Funny)

by ls671 (1122017) * writes: on Saturday February 06 2010, @05:40PM (#31048102) Homepage

> There seems to be a little bit of a disconnect between the sales force and the operations team
No kidding, I can't believe that such a company exists ;-)))

Parent Share
twitter facebook
Simple fix: double the reported value (Score:3, Funny)

by noidentity (188756) writes: on Saturday February 06 2010, @06:06PM (#31048234)

If these scanners report only half the vulnerabilities, they just need to double the reported number. Simple fix, really.

Share
twitter facebook
Re:Web apps make it so easy to be insecure. (Score:1, Funny)

by madddddddddd (1710534) writes: on Saturday February 06 2010, @06:50PM (#31048546)

Even after well over a decade, PHP still makes is too damn easy to write code.
fixed that for you....

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

995 commentsZimmerman Charged With 2nd-Degree Murder
910 commentsIn Nothing We Trust
811 commentsTSA's mm-Wave Body Scanner Breaks Diabetic Teen's $10K Insulin Pump
743 comments$60 Light Bulb Debuts On Earth Day
734 commentsWindows 8 Won't Play DVDs Unless You Pay For the Media Center Pack

I know you're in search of yourself, I just haven't seen you anywhere.