Identify Vulnerabilities with Application Scanning Tools

Submit: Add to your del.icio.us Digg This Slashdot GotNews StumbledUpon Reddit

Now that systems administrators have learned to protect operating systems from attacks, hackers have turned to applications as a new and softer target

Hackers have shifted their strategy in recent years from attacking operating systems to attacking applications. After 10 years of attacking open ports and unprotected services, system administrators are doing a pretty decent job of “locking down” servers and firewalls so that only essential services are visible. Increasingly, those visible services are also patched so as to be invulnerable to attacks. Operating systems are no longer the “soft targets” that they used to be. Unable to penetrate servers through holes in exposed services, hackers have turned to attacking the applications running on those servers.

This article discusses common vulnerabilities present in Web applications, and two leading scanning tools, AppScan from Watchfire and WebInspect from SPI Dynamics, that can effectively identify these vulnerabilities.

Link to entire article here:

http://softwaremag.com/L.cfm?Doc=1058-5/2007

Advertisements

One thought on “Identify Vulnerabilities with Application Scanning Tools

  1. Pingback: Chinese Hackers: no web site is 100% safe « Securitas Operandi™

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s