Paul Samadani
• Title: Director of corporate technology services, Pentair, in Golden Valley, Minn.
• Years in networking: 23
We do a lot of development in-house and externally on our intranet and extranet sites. We have a global network of sites that spans to all countries. I want to make sure that these portals are secure.
It took me a while to find WebInspect. The problem with most vulnerability tools is the false positives. I demoed this product, and it found a lot of interesting items, but not a lot of false positives.
Some tools tell you there's a problem but don't tell you how to solve it. If you want to be hated in a development environment, point out to people that they have a problem but you don't know how to fix it. WebInspect points out the code and gives references on how to fix that code. Any developer can take my report and learn how to fix what's wrong. Everyone I've given a WebInspect report to has been impressed, because it was a learning experience for them.
We have two people in IT using WebInspect extensively to test sites across the company. We also tell the in-house developers we use WebInspect so they can test their sites against it. Some departments in the company like to work with [application service providers] for their sites. Our concern is that it's our intellectual property and personal information. We want to know how the ASP will handle that data. Before we sign up with an ASP, we run the WebInspect tool against them. We also do periodic checks using the tool. We can tell whether the ASP is secure or not. I have walked away from companies after seeing the results from WebInspect. I show them the vulnerabilities they have, and if they don't want to fix them, then we won't do business with them.
Copyright 2008 Network World Inc.