The Perception & Misconceptions of Automated Web Scanners on Security Weekly Show #492

Web scanners report a lot of false positives and can only detect low-hanging-fruit vulnerabilities. If you have used or evaluated black box scanners, you have almost certainly heard this. But is it true, or are these misconceptions? Watch Paul's Security Weekly #492 for the answers.

There are many misconceptions surrounding black box web vulnerability scanners. Watch episode 492 of the popular show Security Weekly, in which Ferruh Mavituna, Larry Pesce, Joff Thyer and the show's host Paul Asadoorian discuss the misconceptions below, and more:

  1. Web scanners report a lot of false positives. Scanners may have reported many false positives back in the day, but the Netsparker scanners are now highly accurate thanks to their Proof-Based Scanning™ technology, which automatically verifies the vulnerabilities it reports rather than flagging every suspicious response.
  2. There has been no real breakthrough in the scanner industry, so the tools are outdated.
  3. Scanners cannot crawl and find vulnerabilities in modern Web 2.0, HTML5 and single-page applications.
  4. Some security professionals shy away from automation because they believe that tools such as black box scanners will not find anything they could not find manually.
  5. People believe that scanners can only find low-hanging fruit.