Want Rapid Feedback? Try a Web Application Security Scan

Tuesday, December 27, 2011

Brent Huston


A web application security scan is a great way to get rapid feedback on the security and health of your web-based applications.

You can think of the web application scan as a vulnerability assessment “lite”.

It uses automated application scanning tools to establish a quick, repeatable baseline of an application's exposure.

It is good at finding web server configuration issues, information leakage (version-disclosing headers, verbose error pages) and the basic SQL injection and cross-site scripting (XSS) vulnerabilities that attackers exploit so routinely. Because the checks are pattern-based, what a scan reports are candidates: each finding still needs a human to confirm it and rule out false positives.

This service fits particularly well for non-critical web applications that don’t process private information, or for internal-facing applications with little access to private data.

It is a quick and inexpensive way to perform due diligence on applications that aren’t key operational focal points.

Many of our clients have been using the application scanning service to test second-line applications, making sure they don’t have injection or XSS issues that could affect PCI compliance or other regulatory standing.

This gives them a less costly way to test the basics than a full-blown application assessment or penetration test.

While this service finds a number of issues and potential holes, we caution against using it in place of a full application assessment or penetration test if the web application in question processes critical or highly sensitive information.

These deeper offerings find a great many more vulnerabilities, and they often reveal subtle issues that automated scans will not identify: authorization and business-logic flaws, and injection that produces no visible error or echo.
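To make concrete what the pattern-based checks described above actually do, and where they stop, here is an added example (not part of the original post and not the scanning service it describes). It runs the three baseline checks (version-disclosing headers, reflected probe strings, database error signatures) against a constructed stand-in target; the target, its headers, parameter names and error strings are all assumptions made for the illustration, and nothing is sent over a network. The stand-in also carries a blind injection that the checks cannot see, which is the gap a manual assessment fills.

```python
"""Minimal baseline web application scan, added as an illustration.
Three pattern-based checks: information-leakage headers, reflected
probe strings (XSS candidates) and database error signatures (SQL
injection candidates). The target below is a constructed stand-in."""
import re
from dataclasses import dataclass

# Unique marker: if it comes back unencoded, the parameter reflects raw input.
XSS_PROBE = "zqx7<\"'>zqx7"
SQLI_PROBE = "'"

# Error strings a typical scanner matches; deliberately short, hypothetical list.
SQL_ERROR_PATTERNS = [
    re.compile(r"You have an error in your SQL syntax", re.I),                # MySQL
    re.compile(r"Unclosed quotation mark after the character string", re.I),  # MSSQL
    re.compile(r"ORA-\d{5}"),                                                 # Oracle
    re.compile(r"syntax error at or near", re.I),                             # PostgreSQL
]

LEAKY_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def check_headers(resp):
    """Flag headers that disclose a product version (information leakage)."""
    return [
        f"info-leak: {name} discloses version '{value}'"
        for name, value in resp.headers.items()
        if name.lower() in LEAKY_HEADERS and re.search(r"\d+\.\d+", value)
    ]


def check_reflection(resp, probe=XSS_PROBE):
    """Reflected-XSS candidate: the probe is echoed back without encoding."""
    return ["reflected-xss-candidate: probe echoed unencoded"] if probe in resp.body else []


def check_sql_errors(resp):
    """SQLi candidate: a database error surfaced after injecting a quote."""
    for pat in SQL_ERROR_PATTERNS:
        if pat.search(resp.body):
            return [f"sqli-candidate: database error matched '{pat.pattern}'"]
    return []


def baseline_scan(send, params):
    """Run every check against every parameter. `send` maps a parameter
    dict to a Response (an HTTP client in practice; a stand-in here)."""
    findings = check_headers(send(dict(params)))
    for name in params:
        probed = dict(params)
        probed[name] = XSS_PROBE
        findings += [f"{name}: {f}" for f in check_reflection(send(probed))]
        probed[name] = params[name] + SQLI_PROBE
        findings += [f"{name}: {f}" for f in check_sql_errors(send(probed))]
    return findings


def fake_target(params):
    """Constructed stand-in for the application under test (hypothetical)."""
    headers = {"Server": "Apache/2.2.22 (Ubuntu)", "X-Powered-By": "PHP/5.3.10"}
    if "'" in params.get("id", "1"):
        # Verbose error handling: the kind of issue a scan catches easily.
        return Response(500, headers,
                        "You have an error in your SQL syntax; check the manual")
    # The 'user' parameter is also concatenated into a query in this stand-in,
    # but errors are swallowed and nothing is echoed: a blind injection the
    # pattern-based checks cannot see, so it never appears in the findings.
    body = f"<h1>Results for {params.get('q', '')}</h1><p>Welcome back</p>"
    return Response(200, headers, body)


if __name__ == "__main__":
    for finding in baseline_scan(fake_target, {"q": "test", "id": "1", "user": "alice"}):
        print(finding)
```

Against the stand-in, the scan reports the two version-disclosing headers, the reflected `q` parameter and the error-based injection in `id`, and says nothing about `user`. That silence is the point of the caution above: a clean scan result on a sensitive application is not evidence of absence.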

Cross-posted from State of Security

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
