[OWASP-TESTING] About Scanners (for testing guide)
Calderon, Juan Carlos (GE Commercial Finance, NonGE)
juan.calderon at ge.com
Tue Mar 30 11:30:35 EST 2004
Can't remember if I share this to you earlier, it's a little tought about scanners derived from the use of them (mainly Sanctum Appscan) for almost 4 years now.
I've found that no matter teir capacity, in an enterprise enviroment their attacks or assessments are "blocked" by firewalls, routers, proxies, IDS, etc. all this make them some kind inneficient and/or innacurate right out of the box, not even installed. IMO ideally they would need a direct connection in a controled environment to deploy the potentital they have (low or high), this is, as I mention, ideally.
More information about the Owasp-testing