The Perception & Misconceptions of Automated Web Scanners on Security Weekly Show #492
Web scanners report a lot of false positives and can only detect low-hanging fruit vulnerabilities. If you have used or evaluated black box scanners, you have definitely heard this. But is it true, or are these all misconceptions? Watch Paul's Security Weekly #492 for the answers.
There are many misconceptions about automated web scanners. These are the most common ones:
- Web scanners report a lot of false positives. Maybe back in the day scanners used to report a lot of false positives, though nowadays the Netsparker scanners are dead accurate thanks to the unique Proof-Based Scanning™ technology, which safely exploits a detected vulnerability to prove it is real before reporting it.
- There hasn't been any particular breakthrough in the web scanner industry, so the tools are outdated.
- Scanners cannot scan and find vulnerabilities in modern Web 2.0+ / HTML5 / Single Page applications.
- Some security professionals tend to shy away from automation because they think tools such as black box scanners won't find anything that they can’t find manually.
- People believe that scanners can only find low-hanging fruit.