Help Net Security, a daily source of information about security news with a focus on enterprise security, recently interviewed Ferruh Mavituna, CEO at Netsparker. The interview was in podcast format and focused on how to identify web application vulnerabilities and prioritize fixes with Netsparker.
Ferruh talked about web application security and how Netsparker helps businesses of any size keep their web applications secure. Here are a few of the many interesting points Ferruh raised during the interview.
- Ferruh identified two main industry problems. Businesses have too many applications, even to the point of not knowing how many they have. And they don’t have security teams large enough to deal with all their websites. Increasingly decentralized, agile models of working only multiply these two issues.
- Scalability and the use of cloud technologies are viewed as a solution to security scanning today. Ferruh pointed out that while this is good, scalability must be matched with accuracy. Unless you can deal with false positives – as Netsparker does with its Proof-Based Scanning™ technology – developers will stop taking your scan results seriously.
- Another scalability problem is bottlenecks: while developers wait to push new features, the security team is still testing older ones. Ferruh argued that accurate testing isn’t enough; vulnerabilities must then be sent to the right people for quick fixing. Netsparker facilitates this by matching each vulnerability to the developer who introduced it.
Ferruh concluded that the future for Netsparker lies in addressing the problem of scale. One way Netsparker helps companies is the new Application and Service Discovery service, which automatically searches for and compiles a list of all the web assets associated with a business.