Joe Gillespie is the Enterprise Account Executive at Netsparker. He was interviewed by hosts Paul Asadoorian, Matt Alderman and Lee Neely live at Black Hat USA 2019, for the second segment of Enterprise Security Weekly #148.
They asked Joe about his background and how he started working with Netsparker. Then, for most of the interview, the four of them discussed vulnerability management as it applies to web application testing. What are the challenges that customers bring to Netsparker in the vulnerability realm?
Joe said that while the volume of online assets and web application vulnerabilities is large, the teams that deal with them are typically small. Scanning for vulnerabilities is relatively easy, but managing those vulnerabilities is not easy. So there is often a tension between vulnerability assessment (scanning for vulnerabilities and generating a report) and vulnerability management (prioritization and issue tracking).
Invicti’s goal is to enable companies to get more done in a shorter period of time, so they can focus on the big issues that are causing problems. Joe said that the key to this was automation – of issue tracking, fixes, retests, and updates. For issue tracking in particular, this means integrations with Netsparker that have built-in, two-way synchronization (a “bi-directional” or “closed-loop” system).
The ESW hosts discussed different sorts of distinctions that are prevalent in the web security business and how they apply to the Netsparker web security scanner:
- The difference in apps that run and apps that build
- Weighing up security risks versus financial or resource risks for companies
- Testing applications versus testing defences
The conversation concluded with Joe explaining Invicti’s Application and Discovery Service. This has become a vital to security scanning, since you can't protect what you don’t know. This visibility challenge in application space is only getting more difficult, since it’s now so easy for someone in a company to publish a new website, app, or instance without anyone else knowing. Finally, Joe mentioned some exciting new Netsparker features in the fourth quarter.