[WEB SECURITY] Are there any disadvantage of Application Security SaaS offering?

Mostafa Siraj mostafa.siraj at gmail.com
Tue Jul 21 05:53:30 EDT 2009


Hello Sutapa,
I guess there are many major disadvantages of using "Application Security"
SaaS, here are some who came to my mind

1- if the Pen Test scanning - with WebInspect in case of HP- will be
performed remotely -on your testing environment- it will have a major
performance overhead
2- as you said sharing your source code with a third party is not a very
smart thing to do

I believe that the best thing to do is to buy Engagement License which
allows you to use their software at your own firm for 2 weeks or something,
this will help you get the cost reduction you want without imposing your
data to risk or have a performance overhead

Regards,

Mostafa Siraj <http://allaboutapplicationsecurity.blogspot.com/>

Application Security Expert

ITWorx Egypt

www.ITWorx.com






On Tue, Jul 21, 2009 at 9:22 AM, sutapa dey <sutapaeie10 at yahoo.co.in> wrote:

> Hi All,
>
> Today, there are couple of vendors in market such as WhiteHat Sentinel, HP
> Application Security Center, who are offering application security softwares
> as a service. I accept that there are manifold advantages of a SaaS model,
> the prime one being cost reduction.
> But as every model has it's own advantages as well as disadvantages,
> similarly SaaS with respect to app security also must be having some
> disadvantages.
>
> Just wanting to know your suggestions on what possible disadvantages SaaS
> for app security has. From my side, one suggestion may be sharing
> "application code/application details" to a third party may pose a risk.
>
> Regards,
> Sutapa
>
> ------------------------------
> See the Web's breaking stories, chosen by people like you. Check out Yahoo!
> Buzz <http://in.rd.yahoo.com/tagline_buzz_1/*http://in.buzz.yahoo.com/>.
>



-- 
"Our deepest fear is not that we are inadequate. Our deepest fear is that we
are powerful beyond measure. It is our light, not our darkness, that most
frightens us. We ask ourselves, who am I to be brilliant, gorgeous,
talented, and fabulous?Actually, who are you not to be? You are a child of
God. Your playing small doesn't serve the world. There's nothing enlightened
about shrinking so that other people won't feel insecure around you. We are
all meant to shine, as children do. We are born to make manifest the glory
of God that is within us. It's not just in some of us, it's in everyone. And
as we let our own light shine, we unconsciously give other people permission
to do the same. As we are liberated from our own fear, our presence
automatically liberates others." --Nelson Mandela--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20090721/0aad357b/attachment.html>


More information about the websecurity mailing list