Challenges of Automated Web Application Scanning

by Chief Technology Officer at WhiteHat Security on Jul 15, 2010


The Challenges of Automated Web Application Scanning: "Why automated scanning only solves half the problem."
Jeremiah Grossman, CEO, WhiteHat Security, Inc.

Web application scanning presents many unique challenges. The biggest is that the increasing complexity and diversity of Web applications make it extremely difficult for any scanner to identify security issues effectively. The goal in typical network vulnerability scanning is to identify "known security issues in known code." The problem is more complex in Web application vulnerability scanning, where the mission is to identify "known security issues in unknown code." With this in mind, we will dive into the specific details that make Web application vulnerability scanning difficult, discussing the lessons learned and recommended solutions.

Scanning a Web application for vulnerabilities is akin to remotely black-box testing an unknown piece of code. The remote scanner has no access to the source code and does not know what programming language was used, what actions the software performs, or even what platform the application resides on. The benefit of known security issues is lost in Web application vulnerability scanning, and the scanner must resort to identifying classes of vulnerabilities, such as cross-site scripting and SQL injection.

However, there are security issues that go beyond simple classes and target exploitation of the flow in application business logic. These business logic issues are arguably impossible for any automated process to uncover, and yet they are some of the most dangerous. The list of challenges faced by today's Web application vulnerability scanner is endless.

Usage Rights

CC Attribution-NonCommercial-NoDerivs License

Challenges of Automated Web Application Scanning Presentation Transcript