• Home
• Topics
• Software Requirements Best Practices
• Building security into the SDLC (Software development life cycle)
• Vulnerability scanners: The automation option

Vulnerability scanners: The automation option

Requires Free Membership to View

Login



When you register, you'll receive targeted emails designed to keep you informed of the most relevant information on Agile development, application security, testing & QA, software requirements, and more.

Hannah Smalltree, Editorial Director

• E-mail Address: 

By submitting your registration information to SearchSoftwareQuality.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSoftwareQuality.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Automatic vulnerability scanning products help an organization quickly and proactively identify vulnerabilities in systems that could be exploited by attackers. The idea is to use these tools internally in an effort to fix the weaknesses in those systems before the attackers exploit those vulnerabilities. Because these tools are automated, they can be included in regression test suites or executed on a regular basis without drawing overworked people away from other responsibilities.

Each vulnerability scanning product works differently, depending on its goal. While some look at Windows registry entries to determine if the latest patches have been applied, others attempt to exploit specific vulnerabilities against a target machine. Typically, vulnerability scanners test against known vulnerabilities.

Keep in mind, as with most tools in the security industry, vulnerability scanners are available both commercially, and as open source free/shareware. This means your attackers have vulnerability scanners to use against you as well, so an internal process to quickly address identified vulnerabilities is imperative.

• Learning Guide: Application security testing techniques
• Watchfire's Web app vulnerability scanner boosts automation, communication
• Technology alone cannot defeat Web application attacks: Understanding technical vs. logical vulnerabilities

Dig Deeper

This was first published in November 2006

More from Related TechTarget Sites

• SOA
• Java
• Windows Development
• Oracle
• Cloud computing
• Business Analytics

• SOA

  • Using enterprise architecture (EA) and SOA to bridge business and IT

    Implementing strong enterprise architecture and SOA helps support both business and software technology growth.

  • Profiles in application integration

    As both service-oriented and cloud-based architecture take the fore, IT shops increasingly value good integration design.

  • SOA growth reveals benefits and lessons

    Service-oriented architecture is a way of including roles (customers, suppliers, engineers, etc) and viewing everything as a service. Generally, we recognize services that are provided by people, machines and both. SOA is the most important development in the last ten years and is 1) Business-oriented - "describe what not how" and 2) Message - "just ask and the service is given".

• Java

  • Java 7 and the intricacies of safe and unsafe casting

    One of the problems with casting is that it does have the potential to cause a loss of precision, especially if the number that gets cast does indeed fall outside of the range of the target type. Here we will explain why this happens.

  • Vowels don't cost $500: Pontificating on Java 7 variable naming conventions

    When naming your variables, put a little bit of thought into it and name them well. Well thought out variable names make Java programs both easier to read and easier to maintain. Good names can even make Java programming fun.

  • Has Computer Programming Really Changed Much Since Lovelace's Time?

    Everyone always talks about these new computer programming languages, and how great one is over the other. But really, has computer programming really changed that much over time?

• Windows Development

  • Testing methods in Visual Studio 2010

    This is the second part in a two part series on unit testing in Visual Studio 2010.

  • Unit testing in Visual Studio 2010

    Visual Studio 2010 contains a unit testing framework, and I’ll show you how to use it to automate your own unit tests.

  • Understanding the testing tools in Visual Studio 2010

    Get an overview of the testing tools available in Visual Studio. You will learn which testing features are in which Visual Studio edition.

• Oracle

  • Making Monday the start of the week in Oracle SQL

    One reader asks how to set up a report in Oracle SQL so that Monday is the first day of the week.

  • Oracle Advanced Analytics bundles R with Oracle Database

    Oracle Advanced Analytics is the company’s newest announcement around data analytics, a market that Oracle seeks to blanket with products.

  • Oracle details integration with RightNow

    Oracle has finalized its $1.5 billion acquisition of CRM SaaS provider RightNow Technologies, and to celebrate executives held a webcast outlining their future plans for all the CRM and cloud products the two have on the table.

• Cloud computing

  • Digging deeper into IBM SmartCloud for private clouds

    IBM SmartCloud services give enterprises some options to build private and hybrid clouds and may give IBM a chance to improve its lagging cloud image.

  • Hybrid cloud management tools and strategies

    Determining how to manage hybrid clouds can seem daunting. The trick is to identify what you need to manage and the best types of tools for the job.

  • Six principles of HP Cloud Services

    Lining up cloud platforms from major vendors can cause vertigo. What’s the difference among private cloud products? Take a look at HP Cloud Services.

• Business Analytics

  • Airport retailer leaves Excel behind with BI tools makeover

    The Paradies Shops’ search for BI tools to access data quickly and break away from Excel spreadsheets started with data discovery vendors but didn’t end with them.

  • Hadoop is hot, but not most popular ‘big data’ technology

    New research reveals businesses’ relative lack of “big data” maturity and the hurdles in both technology and analytics techniques they need to overcome.

  • Mobile BI brings more than security concerns to the table, TDWI says

    Interest in mobile BI is growing, but democratizing data also presents hurdles for building a business case, according to new research from TDWI.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map