Web application security: automated scanning versus manual penetration testing
As Web applications become increasingly complex, tremendous amounts of sensitive data-including personal, medical and financial information-are exchanged and stored. Consumers expect and even demand that this information be kept secure. There are two primary methods for discovering Web application vulnerabilities: using manual penetration testing and code review or using automated scanning tools and static analysis. The purpose of this paper is to compare these two methods.