
	Home > Ask the Software Quality Experts > Application Security Questions & Answers > Vulnerability scanners: The automation option

Ask The Software Quality Expert: Questions & Answers

EMAIL THIS

Vulnerability scanners: The automation option

EXPERT RESPONSE FROM: Brad Arkin

		Pose a Question

		Other Software Quality Categories

		Meet all Software Quality Experts
		Become an Expert for this site

Software quality news and advice

Digg This! StumbleUpon Del.icio.us

QUESTION POSED ON: 27 November 2006
I've been hearing a lot about automatic vulnerability scanning and that it's good. But why is it so good, and how do the products work?

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Application Security
	What is fuzz testing? What are some ways to use fuzz testing?
	How do I convince management to take application security seriously?
	How do I set up a secure login page using membership in ASP.NET?
	Security testing sales, marketing websites
	Are there application security certification standards?
	Top tools for testing Web application security
	How to prevent HTTP response splitting
	PCI DSS compliance: WAF, code review or both?
	Application security careers have bright future
	How to prevent anti-DNS pinning attacks

Building security into the SDLC (Software development life cycle)

The role of quality assurance (QA) pros in software security

Common software security risks and oversights

Why the quality assurance department should be involved in testing

How to develop secure applications

Secure software development practices 'not rocket science'

How to prevent HTTP response splitting

Browser security a concern for website development

Web application security and the PCI DSS

PCI DSS compliance: Web application firewalls (WAFs)

PCI DSS compliance: The basics

Software security testing tools

Commonly-overlooked security flaws in rich Internet applications

10 steps to acing Web app security assessments

New tools target software QA, testing: Spring roundup

Hack maliciously to boost your software's security

What is fuzz testing? What are some ways to use fuzz testing?

Why the quality assurance department should be involved in testing

Using the Firefox Web Developer extension to find security flaws

Top tools for testing Web application security

Static analysis tool helps software engineers find bugs during builds

Web security: Web services an overlooked entry point for attacks

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

penetration testing (SearchSoftwareQuality.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Automatic vulnerability scanning products help an organization quickly and proactively identify vulnerabilities in systems that could be exploited by attackers. The idea is to use these tools internally in an effort to fix the weaknesses in those systems before the attackers exploit those vulnerabilities. Because these tools are automated, they can be included in regression test suites or executed on a regular basis without drawing overworked people away from other responsibilities.

Each vulnerability scanning product works differently, depending on its goal. While some look at Windows registry entries to determine if the latest patches have been applied, others attempt to exploit specific vulnerabilities against a target machine. Typically, vulnerability scanners test against known vulnerabilities.

Keep in mind, as with most tools in the security industry, vulnerability scanners are available both commercially, and as open source free/shareware. This means your attackers have vulnerability scanners to use against you as well, so an internal process to quickly address identified vulnerabilities is imperative.

More on this

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Software Quality - Software Maintenance, Software Requirements, Software Standards

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2006 - 2009, TechTarget \| Read our Privacy Policy