I want to be a consultant for web apps security testing.
Why would anybody need a consultant if they already have some open source tool to do application vulnerability tests?
Any points?
Detecting vulnerabilities is one thing. Fixing them and educating your customer how to avoid them in the future is another.
The answer is very simple. A vulnerability scanner is unable to identify logical flaws within the application that cause security risks.
Further to that, most app scanners have problems in spidering a site correctly and maintaining correct state. They also have great problems with forms that have to be completed in a sequence, i.e. form 1, then form 2, then form 3.
But on their plus side, they are very good at static checks, i.e. looking for default files, and searching for backups of used files.
So in reality, for an app security test you need both, because if you were to do all the checks manually, as a consultant you won't get any work because your quotes would be too big.
SittingDuck
Security scanners are good at finding apps that have known flaws. Like SittingDuck said, they tend to miss some stuff.
Penetration testing is more than looking for apps with vulnerabilities. It also involves checking your configuration of these apps. Testing your site for other vulnerabilities such as SQL injection, or cross-site scripting or any number of things that an app scanner can't fully test.
A penetration tester is also more skilled with a vulnerability scanning tool as well. While anyone can run a scan, someone who has used it over time knows how to configure it for your specific network as well as configuring it with optimal settings for the most information.
A full penetration test should consist of scanning and attempting to break in with the human element.
SPI Dynamics makes some pretty decent tools for automated testing, but they even indicate it takes a human with judgement and experience to comprehensively distill the results of an automated scan to evaluate the true threat. A program can test SQL injection queries hella faster than a human can, but will the output be truly useful to a bad guy? The human could tell a lot easier than any bot could, I'd put money on it.
Thanks for the terrific insight.
If I were to argue that "application firewalls" may eventually cut down any service offerings (say I offer a service with a human using an open source tool and his own techniques), would any of you participate in that argument?
Count me in
Quote:
Why would anybody need a consultant if they already have some open source tool to do application vulnerability tests?
Because just relying on automated security tools is the dumbest attitude for a company.
It's like having no guards because "I have a totally unbreakable safe and I don't need anybody to take care of it".
And IMHO, a vulnerability test or a penetration test REQUIRES a security specialist.
The introduction of Application Firewalls has eliminated the need for a comprehensive application security audit.
Quote:
The introduction of Application Firewalls has eliminated the need for a comprehensive application security audit.
For your own sake I hope you don't actually believe your own bullshit.