Web sites are prone to security risks, and are a target for common attacks such as Cross Site Scripting, and SQL injection, which can result in exposure of sensitive data and even more aggressive attacks. Vulnerability scanning checks for known vulnerabilities and generates a report that the developer can use to fix web site vulnerabilities. Join Lisa Bock as she reviews some common scanners that even an average user can run. Vulnerability scanning is inexpensive, as most scanners are well under $1500, and many are free and can provide a great deal of information. Participants will learn that scanning a website to check for vulnerabilities is an important exercise, and regulations such as PCI, GLBA, Sarbanes Oxley, HIPAA or FISMA many times require periodic scanning. Vulnerability Scanning is an important first step in reducing overall risk, as most vulnerabilities can be addresses and reduced if not removed entirely.


Comments are closed.

Emil Gallant at 17:59 on 10 Feb 2018

The description of the talk did not match the actual presentation. No information was presented that couldn't already be considered "common sense". The single example of SQL code came from the 90's and the only mention of tools/scanners was as an aside while talking about the OWASP website. Online security is a huge concern and developers definitely need education about threats but this was not the place to get that. It felt like this was a recycled presentation that was originally intended for non-computer folks, it was certainly not aimed at seasoned or even casual developers.

Scott Hardie at 17:08 on 11 Feb 2018

Good talk, covering the importance of vulnerability scanning and suggesting lots of tools for the job. I would have appreciated more pros-and-cons comparison of the many tools, especially the server-side tools since both large applications that I manage are locked to the public and probably won't work with the web-based tools shown.

Lisa had great enthusiasm and covered a variety of topics related to security. While the talk title wasn't the main focus, I still felt like the content was applicable and important to attendees. Good talk.