Beware of the oversights w/default policies in Web vuln scanners

Monday 4 October 2010
Posted on 11:15 by Unknown

I just ran some Web vulnerability scans against an app I'm testing using a couple of default/benign scan policies. Nothing big turned up. I re-ran the scan using a full scan policy that checks for everything and the new MS10-070 ASP.NET padding oracle vulnerability reared its ugly head... BIG difference in the outcome.

Keep this in mind when checking for Web security flaws with your automated scanners and never ever completely rely on their results. You can't live without them, but they're only ~50% of the solution.