12. Tools
Dan: What is your application security strategy?
A: We bought Scanner XYZ.
Dan: Cool! Have you started using it?
A: Yes. The analyst who wanted us to buy it ran a bunch of scans when we got the license key.
Dan: All right! Did you find anything?
A: Oh yeah! We found all sorts of scary stuff.
Dan: Well what did you do about it?
A: We sent the PDF report to the development team and told them to fix the problems.
Dan: Were they successful?
A: I don’t know. I guess I should check in on that…
13. Tools
• Tools do not find everything
• Tools do not run themselves
• They are worthless if you do not use them
• A fool with a tool is still a fool
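The dialogue on the previous slide ends with nobody knowing whether the findings were fixed. The following is an added example, not code from the slides or from any scanner vendor: it compares a baseline scan with a follow-up scan and sorts findings into fixed, still open and new, then applies a severity gate of the kind a CI job would enforce. The report layout (a JSON object with a `findings` list carrying `rule`, `file`, `line`, `severity` and `snippet`) is an assumed minimal shape, and both reports are constructed sample data.

```python
import hashlib
import json

# Constructed sample data (not real scanner output). The JSON shape below is an
# assumption of this example, not any vendor's report format.
BASELINE_REPORT = json.dumps({
    "findings": [
        {"rule": "sql-injection", "file": "app/db.py", "line": 42,
         "severity": "high",
         "snippet": "cur.execute(\"SELECT * FROM users WHERE name = '%s'\" % name)"},
        {"rule": "hardcoded-secret", "file": "app/config.py", "line": 7,
         "severity": "high", "snippet": "API_KEY = \"sk_live_EXAMPLE\""},
        {"rule": "weak-hash", "file": "app/auth.py", "line": 88,
         "severity": "medium", "snippet": "hashlib.md5(password.encode())"},
    ]
})

# Constructed follow-up scan after the dev team reported the PDF "handled":
# the SQL injection is gone, the secret is untouched, the md5 call only moved
# (same code, different line), and a new finding has appeared since.
FOLLOWUP_REPORT = json.dumps({
    "findings": [
        {"rule": "hardcoded-secret", "file": "app/config.py", "line": 7,
         "severity": "high", "snippet": "API_KEY = \"sk_live_EXAMPLE\""},
        {"rule": "weak-hash", "file": "app/auth.py", "line": 100,
         "severity": "medium", "snippet": "hashlib.md5( password.encode() )"},
        {"rule": "path-traversal", "file": "app/files.py", "line": 15,
         "severity": "high", "snippet": "open(os.path.join(BASE, user_path))"},
    ]
})

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def fingerprint(finding):
    """Stable identity for a finding: rule, file and whitespace-normalised snippet.

    Line numbers are deliberately left out. They shift with every unrelated
    edit, so matching on them would report a merely moved finding as fixed.
    """
    snippet = "".join(finding["snippet"].split())
    material = f"{finding['rule']}|{finding['file']}|{snippet}"
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def load(report_json):
    """Index a report's findings by fingerprint."""
    return {fingerprint(f): f for f in json.loads(report_json)["findings"]}


def triage(baseline_json, followup_json):
    """Split findings into fixed (gone), still_open (in both) and new (only in follow-up)."""
    before = load(baseline_json)
    after = load(followup_json)
    return {
        "fixed": [before[k] for k in before.keys() - after.keys()],
        "still_open": [after[k] for k in before.keys() & after.keys()],
        "new": [after[k] for k in after.keys() - before.keys()],
    }


def blocking_findings(report_json, threshold="high"):
    """Findings at or above the severity threshold; a CI gate fails if non-empty."""
    floor = SEVERITY_RANK[threshold]
    return [f for f in load(report_json).values()
            if SEVERITY_RANK.get(f["severity"], 0) >= floor]


if __name__ == "__main__":
    result = triage(BASELINE_REPORT, FOLLOWUP_REPORT)
    for bucket, items in result.items():
        print(f"{bucket}: {[f['rule'] for f in items]}")
    blockers = blocking_findings(FOLLOWUP_REPORT)
    print(f"gate: {'FAIL' if blockers else 'PASS'} ({len(blockers)} blocking)")
```

The point of the fingerprint is that a tool report is only useful as a record you can compare against the next run; matching on line numbers alone would have counted the relocated md5 call as fixed. Run in a pipeline, the gate turns the scanner from a one-off PDF into something that actually blocks a build.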