Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Demise of DRM, Economics of File Sharing and Persistent Security Risks | Main | TJX Breach Costs Continue or How to Save Your Company Almost $112 Million »

Automatic Application Vulnerability Assessment

Automated vulnerability assessment can complement manual efforts to find and correct vulnerabilities in application code. In this podcast, Matt Moynahan, CEO of Veracode, discusses key issues in vulnerability testing, including:

What is the process of automated application vulnerability analysis?

What types of application vulnerabilities can be detected with automated analysis?

What are the pros and cons of automated analysis as a service?

When analyzing application vulnerabilities, is static analysis sufficient to detect vulnerabilities or are behavior-based techniques required as well?

Many developers are familiar with cross-site scripting and injection attacks, are there others you commonly see when you conduct security reviews?

What do you see as the top challenges to analyzing Web applications, especially within service oriented architectures? How can we analyze the security profile of an application consisting of multiple services on one or more applications servers and querying multiple databases?

Tags:        
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on August 14, 2007 7:56 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/379

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net