[Owasp-boston] 2 Questions about Jim's Presentation last week
Patrick_Laverty at brown.edu
Mon Nov 23 08:34:09 EST 2009
And they're both about the same statement.
Jim stated that the scanners will "Only going to find 10 - 20% of vulns - low hanging fruit"
My two questions are:
1. How do we know that they will only find that number? If we know
they're missing 80-90%, how did we find them to count those that were
2. I've read that the most effective and thorough scanning is to
get 4-5 different scanners and use them all, as they will find some
different vulnerabilities. Has anyone done this? What did you find
when you look at all the data from multiple scanners and how varied are
they at finding different true positive results?
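The second question asks what the data looks like when several scanners' results are put side by side. The following is an added example, not from the original post or from any scanner vendor: it merges constructed sample reports from three hypothetical scanners on a shared key (vulnerability class, URL path, parameter), then reports each scanner's share of the combined findings, its hits against a constructed manually-confirmed set, the findings only it reported, and pairwise overlap between scanners. The normalization key and all scanner names and findings are assumptions made for the example.

```python
"""Compare web-scanner findings across tools (added example; constructed data)."""
from itertools import combinations

# Constructed sample reports: each finding is (vuln_class, path, parameter).
# Scanner names and findings are invented for this example.
REPORTS = {
    "scanner_a": [
        ("xss", "/search", "q"),
        ("sqli", "/login", "user"),
        ("xss", "/profile", "name"),
        ("dir_listing", "/static/", None),
    ],
    "scanner_b": [
        ("xss", "/search", "q"),
        ("sqli", "/login", "user"),
        ("csrf", "/settings", None),
    ],
    "scanner_c": [
        ("xss", "/search", "q"),
        ("open_redirect", "/go", "url"),
        ("xss", "/profile", "name"),
    ],
}

# Constructed manual-triage set used as the true-positive reference.
CONFIRMED = {
    ("xss", "/search", "q"),
    ("sqli", "/login", "user"),
    ("xss", "/profile", "name"),
    ("csrf", "/settings", None),
}


def normalize(finding):
    """Canonical key so the same issue reported by two tools lines up.
    The key shape (class, trimmed path, lower-cased parameter) is an assumption."""
    vuln, path, param = finding
    return (vuln.lower(), path.rstrip("/") or "/", (param or "").lower())


def merge(reports):
    """Map each normalized finding to the set of scanners that reported it."""
    merged = {}
    for scanner, findings in reports.items():
        for f in findings:
            merged.setdefault(normalize(f), set()).add(scanner)
    return merged


def coverage(reports, confirmed):
    """Per-scanner: count found, share of the union across all tools,
    hits against the confirmed set, and findings no other tool reported."""
    merged = merge(reports)
    union = set(merged)
    confirmed_norm = {normalize(f) for f in confirmed}
    stats = {}
    for scanner in reports:
        found = {k for k, who in merged.items() if scanner in who}
        true_pos = found & confirmed_norm
        stats[scanner] = {
            "found": len(found),
            "share_of_union": len(found) / len(union),
            "true_positives": len(true_pos),
            "recall_vs_confirmed": len(true_pos) / len(confirmed_norm),
            "unique": len({k for k in found if merged[k] == {scanner}}),
        }
    return stats


def pairwise_jaccard(reports):
    """Overlap between each pair of scanners: |A & B| / |A | B|."""
    merged = merge(reports)
    sets = {s: {k for k, who in merged.items() if s in who} for s in reports}
    return {
        (a, b): len(sets[a] & sets[b]) / len(sets[a] | sets[b])
        for a, b in combinations(sorted(reports), 2)
    }


if __name__ == "__main__":
    for scanner, s in coverage(REPORTS, CONFIRMED).items():
        print(scanner, s)
    for pair, j in pairwise_jaccard(REPORTS).items():
        print(pair, round(j, 2))
```

Low pairwise overlap together with a high "unique" count per tool is what the "use several scanners" advice predicts; comparing each tool against a manually confirmed set, rather than against the other tools, is what separates genuinely different true positives from differently labelled false positives.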