“It took me a while to find WebInspect. The problem with most vulnerability tools is the false positives.”

Paul Samadani
• Title: Director of corporate technology services, Pentair, in Golden Valley, Minn.
• Years in networking: 23
We do a lot of development in-house and externally on our intranet and extranet sites. We have a global network of sites that spans all countries. I want to make sure that these portals are secure.
It took me a while to find WebInspect. The problem with most vulnerability tools is the false positives. I demoed this product, and it found a lot of interesting items, but not a lot of false positives.
Some tools tell you there's a problem but don't tell you how to solve it. If you want to be hated in a development environment, point out to people that they have a problem but you don't know how to fix it. WebInspect points out the code and gives references on how to fix that code. Any developer can take my report and learn how to fix what's wrong. Everyone I've given a WebInspect report to has been impressed, because it was a learning experience for them.
We have two people in IT using WebInspect extensively to test sites across the company. We also tell the in-house developers we use WebInspect so they can test their sites against it. Some departments in the company like to work with [application service providers] for their sites. Our concern is that it's our intellectual property and personal information. We want to know how the ASP will handle that data. Before we sign up with an ASP, we run the WebInspect tool against them. We also do periodic checks using the tool. We can tell whether the ASP is secure or not. I have walked away from companies after seeing the results from WebInspect. I show them the vulnerabilities they have, and if they don't want to fix them, then we won't do business with them.
Copyright 2008 Network World Inc.