THE CENZIC BLOG
April 10, 2009

Prioritizing Vulnerability Tests for Web Application Security Assessments

Where do you begin when scanning Web applications for security vulnerabilities?

This is a great article if you are overwhelmed and don’t know where to start when it comes to prioritizing vulnerability tests for Web application security assessments.

The good news is that there are some best practices, but the bad news is that there isn’t some “easy / all button” to push and everything will be done. I guess a good way of looking at it is this: “the best way to eat an elephant is one bite at a time”.

Here are some of the ways the author sees companies prioritizing the work, along with the pros and cons of each:

1. The Big Bang Approach
2. The Steam Roller Approach
3. The Application Triaging Approach
4. The Health Check Approach
5. The Unauthenticated Health Check Approach

So, which of your Web applications are at risk?  All of them.  Read the article and you’ll get it.

Oh, and have a relaxing weekend.

by Doug Simpson, Security Engineer
DSimpson@cenzic.com
