Avg Web App Scanner Misses 49% Of Vulnerabilities (ckers.org)
seek3r writes: Report: Most Web Application Scanners Missed Nearly Half Of Vulnerabilities
According to a recent test of some of 6 web application security scanning products, the scanners missed an average of 49% of the vulnerabilities known to be on the test sites.
"NTOSpider found over twice as many vulnerabilities as the average competitor having a 94% accuracy rating, with Hailstorm having the second best rating of 62%, but only after extensive training by an expert. Appscan had the second best 'Point and Shoot' rating of 55% and the rest averaged 39%."
Is it any wonder that being PCI compliant is meaningless from a security point of view? You can perform a web app scan, check the box on your PCI audit and still have a security posture that is like Swiss cheese on your web app!