[WEB SECURITY] Are there any disadvantage of Application Security SaaS offering?
Christoph Gruber
list at guru.at
Thu Jul 23 10:27:05 EDT 2009
Supata wrote:
> Just wanting to know your suggestions on what possible disadvantages
> SaaS for app security has. From my side, one suggestion may be
> sharing "application code/application details" to a third party may
> pose a risk.
>
> Regards, Sutapa
Hi!
My personal experience with web application security filters:
The default filters are not satisfactory, filtering only about 40% of
the attacks on known vulnerabilities (tested myself).
Two main drivers for the costs are: building filters for automatic
attacks in the wild and adapting the filters to the application.
On the first point you can gain synergies; the second has to be done
on your own, according to the development of the web app.
Therefore SaaS does not make very much sense unless you are able to apply
your own filters there.
The risks for SaaS are:
Giving away the data of your web traffic, threatening your visitors'
privacy.
Additionally, when you use https, you have to give away your secret keys.
Cheers!
--
Christoph Gruber
"If privacy is outlawed, only outlaws will have privacy." Phil
Zimmermann