Friday, April 15, 2011

Let’s Go with the Web Application Scan… It is cheaper

Why a Manual Web Application Security Assessment is worth every penny over an automated tool.

Choosing the Assessment: As a Security Consultant for SecureState, I have performed my share of Web Application Security Assessments in the last couple of years, including both Assessments which relied heavily on Web Application Scanners to find vulnerabilities in the web application and Assessments which relied primarily on manual techniques. There is a great difference between these two techniques for performing Web Application Assessments, and I believe that the Web Application Scanner-based Assessments are of little value compared to Web Application Assessments that rely on manual techniques. Many times, when choosing a Web Application Assessment, a company will choose the cheapest Assessment available without truly understanding the pros and cons of each Web Application Security Assessment. It is important to realize that the cheapest option is not always the best option.

