Comments on Jeremiah Grossman: It’s unanimous, Web application security has arrived
Feed updated: 2024-02-08T03:44:23.780-08:00

Smith, 2010-04-20T22:41:32.234-07:00

Jeremiah Grossman,
You are SPOT ON!
Thanks for sharing such a nice article, I had gone through it.
A web application security scanner can facilitate the automated review of a web application with the expressed purpose of discovering security vulnerabilities, and are required to comply with various regulatory requirements. But the limitation of it is because the tool is implementing a dynamic testing method, it cannot cover 100% of the source code of the application and then, the application itself. The penetration tester should look at the coverage of the web application or of its attack surface to know if the tool was configured correctly or was able to understand the web application.
For more information on information security check this link http://www.eccouncil.org/certification/ec-council_network_security_administrator.aspx

Anonymous, 2009-01-06T19:53:00.000-08:00

Adding to the first two comments, use of trusted web servers would prevent malware from being planted on legitimate websites.

Jeremiah Grossman, 2008-12-29T11:33:00.000-08:00

I think it would be really difficult, if not impossible, to improve client-side security to such a drastic extent that there would be little motivation to implant malware on legitimate websites. There are roughly 1 billion people on the Web. Even if only a tiny fraction (1%) were left vulnerable, and we know it's orders of magnitude higher, that’s still 10 million potential victims. More than enough for a good botnet.
Still, you're right, client-side security is woefully inadequate.

Max Caceres, 2008-12-29T08:40:00.000-08:00

No question about the premise, webapp security has arrived and is here to stay. But looking at the numbers, an important portion of webapp intrusions are aimed at planting malware (client-side exploits and trojans).
From a motivation perspective, these attacks would not exist if client-side security was better, and what we traditionally label "webapp security" does not address this problem at all. IMHO the endpoint is still the largest victim.