There are many misconceptions surrounding black box web vulnerability scanners. Watch episode number 492 of the popular show Security Weekly, during which Ferruh Mavituna, Larry Pesce, Joff Thyer and the show’s host Paul Asadoorian discuss the following misconceptions and more:
- Web scanners report a lot of false positives. Scanners may have reported a lot of false positives in the past, but nowadays the Netsparker scanners are dead accurate thanks to the unique Proof-Based Vulnerability Scanning Technology.
- There hasn’t been any particular breakthrough in the scanner industry, making the tools outdated.
- Scanners cannot scan and find vulnerabilities in modern Web 2.0+ / HTML5 / Single Page applications.
- Some security professionals tend to shy away from automation because they think tools such as black box scanners won't find anything that they can’t find manually.
- People believe that scanners can only find low-hanging fruit.