Grossman on Web App Vuln Scanners
Jeremiah provides us with some interesting comments on the effectiveness of Web Application security scanners for specific types of vulnerabilities. I remember when I used to perform pen tests on web applications that some things were identified in a way that it would be very hard to achieve the same results with an automated tool. I found very interesting results with blind SQL injection and just by looking at session tokens and realizing some kind of logic behind them. Automating these things will be very hard.