Web Application Security: Automated Scanning versus Manual Penetration Testing

Web Application Security: Automated Scanning versus Manual Penetration Testing

Research has shown that a vast number of Web sites are vulnerable to Web application attacks and that a great percentage of these attacks occur over the HTTP/S protocols, ports that are often exposed to the entire online community. With these facts in mind, it's essential for organizations to take serious measures to help secure their Web applications. As Web applications become increasingly complex, tremendous amounts of sensitive data--including personal, medical and financial information--are exchanged and stored. Consumers expect and even demand that this information be kept secure. This paper explains the two primary methods for discovering Web application vulnerabilities: using manual penetration testing and code review or using automated scanning tools and static analysis.


Danny Allan Strategic Research Analyst, IBM Software Group
11 Dec 2008
11 Dec 2008
8 Page(s)
White Paper
Already a Bitpipe member? Login here

Download this White Paper!

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor