[WEB SECURITY] In depth security scanning versus breadth based

Bil Corry bil at corry.biz
Thu Jul 9 15:02:27 EDT 2009

bugtraq at cgisecurity.net wrote on 7/9/2009 12:47 PM: 
> - Better tool integration, and education on what tools CAN/CANNOT be used for. Again this will vary on a per app basis
>   and will require a customization phase in almost every situation.

Ed Bellis has an interesting tool called Conduit [1] that will import the results from a variety of VA tools and "normalize" their results into a common format, which can then be confirmed and imported into bug tracking/QA systems for remediation.  There's a video of him talking about it at SnowFROC09 where he explains how it grew out of a need at Orbitz to better manage, track and remediate security issues in web apps, networks and databases [2].

- Bil

[1] https://conduit.honeyapps.com/
[2] http://video.google.com/videoplay?docid=-8396241750899139680
