You can't secure what you don't acknowledge.℠

Friday, July 25, 2008

Saved by using multiple Web scanners...again.

I'm in the middle of a project analyzing the security of an e-commerce system. I found a lot of good stuff using WebInspect, including one cross-site scripting flaw. However, the cross-site scripting issue was a little lame and next to impossible to re-create. So I decided to turn Acunetix Web Vulnerability Scanner loose on it just to see what it could find. Lo and behold...four more cross-site scripting vulns! Wow.

Like I've said before, if you're going to uncover the most Web security flaws you've got to use multiple tools.
