CEO of Bit Discovery, Professional Hacker, Black Belt in Brazilian Jiu-Jitsu, Off-Road Race Car Driver, Founder of WhiteHat Security, and Maui resident.
Monday, June 11, 2007
Rolling Reviews: SPI Dynamics WebInspect
Last month I blogged that Jordan Wiens of Network Computing would be conducting Rolling Reviews of Web Application Scanners. First up is the review of SPI Dynamics's WebInspect product. As expected, Jordan isn't making this a cakewalk for vendors. He knows his webappsec stuff and will dig deep into the results, especially around the Ajax claims. Ajax is a tough problem to solve and is likely unsolvable. Ajax is also unlikely to make web applications less secure, but definitely makes them harder to assess. Next up, Cenzic ARC (Application Risk Controller).
Posted by Jeremiah Grossman at 6:49 AM
Quote: "Ajax is a tough problem to solve and is likely unsolvable" --
There you go again, talking about an "unsolvable" problem :-)
I have a feeling that exploring and testing AJAX applications will seem like a "natural" thing soon enough. You shouldn't give up on technology so fast.
"Given a description of a program and a finite input, decide whether the program finishes running or will run forever, given that input.
Alan Turing proved in 1936 that a general algorithm to solve the halting problem for all possible program-input pairs cannot exist. We say that the halting problem is undecidable over Turing machines."
Maybe your tech will surpass all others. We'll just have to wait and see. :)