[WEB SECURITY] Are there any disadvantage of Application Security SaaS offering?

sutapa dey sutapaeie10 at yahoo.co.in
Tue Jul 21 06:36:11 EDT 2009


Hi Mostafa,

Thanks for the response. But just one doubt if I buy the engagement licenses to use in my firm, then I need to setup their tool and know the tool usage how to configure and use. So that may again increase the cost.

Regards,
Sutapa

--- On Tue, 21/7/09, Mostafa Siraj <mostafa.siraj at gmail.com> wrote:

From: Mostafa Siraj <mostafa.siraj at gmail.com>
Subject: Re: [WEB SECURITY] Are there any disadvantage of Application Security  SaaS offering?
To: "sutapa dey" <sutapaeie10 at yahoo.co.in>
Cc: websecurity at webappsec.org
Date: Tuesday, 21 July, 2009, 3:23 PM

Hello Sutapa,
I guess there are many major disadvantages of using "Application Security" SaaS, here are some who came to my mind
1- if the Pen Test scanning - with WebInspect in case of HP- will be performed remotely -on your testing environment- it will have a major performance overhead

2- as you said sharing your source code with a third party is not a very smart thing to do
I believe that the best thing to do is to buy Engagement License which allows you to use their software at your own firm for 2 weeks or something, this will help you get the cost reduction you want without imposing your data to risk or have a performance overhead


Regards,

Mostafa Siraj

Application Security Expert

ITWorx Egypt

www.ITWorx.com





On Tue, Jul 21, 2009 at 9:22 AM, sutapa dey <sutapaeie10 at yahoo.co.in> wrote:


Hi All,

Today, there are couple of vendors in market such as WhiteHat Sentinel, HP Application Security Center, who are offering application security softwares as a service. I accept that there are manifold advantages of a SaaS model, the prime one being cost reduction.


But as every model has it's own advantages as well as disadvantages, similarly SaaS with respect to app security also must be having some disadvantages.

Just wanting to know your suggestions on what possible disadvantages SaaS for app security has. From my side, one suggestion may be sharing "application code/application details" to a third party may pose a risk.



Regards,
Sutapa 


       See the Web's breaking stories, chosen by people like you. Check out  Yahoo! Buzz.




-- 
"Our deepest fear is not that we are inadequate. Our deepest fear is that we are powerful beyond measure. It is our light, not our darkness, that most frightens us. We ask ourselves, who am I to be brilliant, gorgeous, talented, and fabulous?Actually, who are you not to be? You are a child of God. Your playing small doesn't serve the world. There's nothing enlightened about shrinking so that other people won't feel insecure around you. We are all meant to shine, as children do. We are born to make manifest the glory of God that is within us. It's not just in some of us, it's in everyone. And as we let our own light shine, we unconsciously give other people permission to do the same. As we are liberated from our own fear, our presence automatically liberates others." --Nelson Mandela--







      Love Cricket? Check out live scores, photos, video highlights and more. Click here http://cricket.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20090721/c8f3fd3d/attachment.html>


More information about the websecurity mailing list