[WEB SECURITY] In depth security scanning versus breadth based

Bil Corry bil at corry.biz
Thu Jul 9 15:02:27 EDT 2009


bugtraq at cgisecurity.net wrote on 7/9/2009 12:47 PM: 
> - Better tool integration, and education on what tools CAN/CANNOT be used for. Again this will vary on a per app basis
>   and will require a customization phase in almost every situation.

Ed Bellis has an interesting tool called Conduit [1] that will import the results from a variety of VA tools and "normalize" their results into a common format, which can then be confirmed and imported into bug tracking/QA systems for remediation.  There's a video of him talking about it at SnowFROC09 where he explains how it grew out of a need at Orbitz to better manage, track and remediate security issues in web apps, networks and databases [2].

- Bil


[1] https://conduit.honeyapps.com/
[2] http://video.google.com/videoplay?docid=-8396241750899139680

