Web Application Security: Automated Scanning versus Manual Penetration Testing

Web Application Security: Automated Scanning versus Manual Penetration Testing

Cover
Research has shown that a vast number of Web sites are vulnerable to Web application attacks and that a great percentage of these attacks occur over the HTTP/S protocols, ports that are often exposed to the entire online community. With these facts in mind, it's essential for organizations to take serious measures to help secure their Web applications.

As Web applications become increasingly complex, tremendous amounts of sensitive data-including personal, medical and financial information-are exchanged and stored. Consumers expect and even demand that this information be kept secure. There are two primary methods for discovering Web application vulnerabilities: using manual penetration testing and code review or using automated scanning tools and static analysis. The purpose of this paper is to compare these two methods.

Author

Danny Allan Strategic Research Analyst, IBM Software Group
Vendor:
IBM
Posted:
13 Feb 2009
Published:
13 Feb 2009
Format:
PDF
Length:
8 Page(s)
Type:
White Paper
Language:
English
Already a Bitpipe member? Login here

Download this White Paper!

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy