[WEB SECURITY] In depth security scanning versus breadth based
Bil Corry
bil at corry.biz
Thu Jul 9 15:02:27 EDT 2009
bugtraq at cgisecurity.net wrote on 7/9/2009 12:47 PM:
> - Better tool integration, and education on what tools CAN/CANNOT be used for. Again this will vary on a per app basis
> and will require a customization phase in almost every situation.
Ed Bellis has an interesting tool called Conduit [1] that will import the results from a variety of VA tools and "normalize" their results into a common format, which can then be confirmed and imported into bug tracking/QA systems for remediation. There's a video of him talking about it at SnowFROC09 where he explains how it grew out of a need at Orbitz to better manage, track and remediate security issues in web apps, networks and databases [2].
- Bil
[1] https://conduit.honeyapps.com/
[2] http://video.google.com/videoplay?docid=-8396241750899139680
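The pipeline the message describes (ingest several scanners' output, normalize it to one schema, dedupe, gate on manual confirmation, then hand off to a ticketing system) as an added illustration. This is not Conduit's code or Ed Bellis's; the two scanner output formats, the host, the finding titles and the placeholder CVE identifier are all constructed for the example.

```python
"""Normalize findings from two differently formatted vulnerability scanners into one
common schema, dedupe across scanners, gate on manual confirmation, and export
ticket-ready records.  Added example, not Conduit's implementation; both input
formats below are invented for illustration and match no real scanner."""
from dataclasses import dataclass, field, asdict
from typing import List, Optional

# Common severity vocabulary every scanner is mapped onto.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Finding:
    target: str                  # "host:port" for network findings, a URL for web apps
    title: str
    severity: str                # one of SEVERITY_RANK's keys
    sources: List[str] = field(default_factory=list)   # which scanners reported it
    cve: Optional[str] = None
    status: str = "unconfirmed"  # triage gate: only "confirmed" findings are exported

    def key(self):
        # Two scanners describe the same flaw with different titles.  Prefer the CVE
        # as the identity when one is present, otherwise fall back to a case-folded title.
        return (self.target.lower(), self.cve or self.title.strip().lower())


# Constructed sample: scanner "A" emits JSON-like records with a numeric 0-4 risk.
SCANNER_A = [
    {"host": "10.0.0.5", "port": 443, "name": "TLS 1.0 enabled", "risk": 2, "cve": None},
    {"host": "10.0.0.5", "port": 22, "name": "OpenSSH outdated", "risk": 3,
     "cve": "CVE-0000-0001"},  # placeholder identifier, not a real CVE
]
A_RISK = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# Constructed sample: scanner "B" emits pipe-delimited lines: target|title|severity|cve
SCANNER_B = """10.0.0.5:22|Outdated OpenSSH|High|CVE-0000-0001
10.0.0.5:80|Missing X-Frame-Options|Low|
10.0.0.5:443|tls 1.0 enabled|Medium|
"""


def parse_scanner_a(records):
    for r in records:
        yield Finding(f"{r['host']}:{r['port']}", r["name"], A_RISK[r["risk"]],
                      ["A"], r.get("cve") or None)


def parse_scanner_b(text):
    for line in text.strip().splitlines():
        target, title, severity, cve = line.split("|")
        yield Finding(target, title, severity.lower(), ["B"], cve or None)


def normalize(*streams):
    """Merge findings from any number of parsed streams into one deduplicated list,
    most severe first.  Unknown severities are rejected rather than silently dropped."""
    merged = {}
    for stream in streams:
        for f in stream:
            if f.severity not in SEVERITY_RANK:
                raise ValueError(f"unknown severity {f.severity!r} from {f.sources}")
            k = f.key()
            if k in merged:
                m = merged[k]
                m.sources = sorted(set(m.sources) | set(f.sources))
                if SEVERITY_RANK[f.severity] > SEVERITY_RANK[m.severity]:
                    m.severity = f.severity   # keep the worst rating any scanner gave
                m.cve = m.cve or f.cve
            else:
                merged[k] = f
    return sorted(merged.values(), key=lambda f: (-SEVERITY_RANK[f.severity], f.target))


def confirm(findings, confirmed_keys):
    """Manual triage step: mark only the findings a human has verified."""
    for f in findings:
        if f.key() in confirmed_keys:
            f.status = "confirmed"
    return findings


def export_tickets(findings):
    """Records ready for a bug tracker; unconfirmed findings never leave the queue."""
    return [asdict(f) for f in findings if f.status == "confirmed"]


if __name__ == "__main__":
    fs = normalize(parse_scanner_a(SCANNER_A), parse_scanner_b(SCANNER_B))
    for f in fs:
        print(f.severity, f.target, f.title, f.sources, f.status)
    print(export_tickets(confirm(fs, {("10.0.0.5:22", "CVE-0000-0001")})))
```

The dedupe key is the part worth thinking about: keying on CVE where available and on a case-folded title otherwise collapses the two OpenSSH and two TLS reports into one finding each, while the confirmation gate keeps unverified scanner output from ever turning into a ticket.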