Monday, July 28, 2008

Web Application Security Survey Results

A couple weeks ago, Jeremiah Grossman put together a survey for web application security professionals, and now the results are posted.

There were 17 questions, ranging from your general background to rating web vulnerability scanners. There were some funny questions like the HackerSafe one… Safe from Hackers, Safe for Hackers, or Other?
Jeremiah also posted his thoughts on the results on his blog.

The full report is also online thanks to Robert "RSnake" Hansen. It also has all the comments from the web application security professionals survey, and they are quite interesting to read. Thanks to Jeremiah for putting together the survey, and thanks to all who participated.
Seen on infosecevents.net

Related links:

Question #7
I purposely kept the term “vulnerability scanner” vague to see how they performed as an entire category. It doesn’t appear that vulnerability scanners have improved much or at least people’s impressions of them since the last survey. They performed dismally in Web 2.0 technologies including Ajax, Flash, and Web services. What surprised me is how well the scanners performed in the persistent XSS category, on par with the non-persistent. I can’t say I agree, but it is what it is. Could be an artifact that people don’t understand the difference and figure if the tool didn’t find it that it’s not there. The other interesting thing is that developers have a better opinion of scanners than security vendors and enterprise professionals. I plan on digging into this area even more in the future and separate out scanner types, asking for product names, and overall impressions.
