[Owasp-leaders] Bring balance: force verification in scanning tools

Liam Smit liam.smit at gmail.com
Mon May 23 18:49:07 UTC 2016


Hi Simon

ZAP needs to be as effective as possible at finding vulnerabilities.
Hobbling it by making it easier to detect makes it less effective. E.g.
some vendor's firewall detects the scan and blocks it. When the actual
exploit comes along it is not detected and the application is compromised.

The better it is at detecting vulnerabilities the better it can be used by
defenders to plug the holes. There is nothing stopping defenders from using
"attacking" tools to secure their networks, servers, etc. After all we all
port scan and vulnerability scan our infrastructure, right?


Regards,

Liam