Identify Vulnerabilities with Application Scanning Tools

Now that systems administrators have learned to protect operating systems from attacks, hackers have turned to applications as a new and softer target.

Hackers have shifted their strategy in recent years from attacking operating systems to attacking applications. After 10 years of attacks on open ports and unprotected services, system administrators are doing a pretty decent job of “locking down” servers and firewalls so that only essential services are visible. Increasingly, those visible services are also patched so as to be invulnerable to attacks. Operating systems are no longer the “soft targets” that they used to be. Unable to penetrate servers through holes in exposed services, hackers have turned to attacking the applications running on those servers.

This article discusses common vulnerabilities present in Web applications, and two leading scanning tools, AppScan from Watchfire and WebInspect from SPI Dynamics, that can effectively identify these vulnerabilities.

Link to entire article here:

http://softwaremag.com/L.cfm?Doc=1058-5/2007

1 thought on “Identify Vulnerabilities with Application Scanning Tools”

  1. Pingback: Chinese Hackers: no web site is 100% safe « Securitas Operandi™
