This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
A few weeks ago, our CEO Ferruh Mavituna and Edward Haletky from the Virtualization and Cloud Security Podcast talked about the challenges of, and tips and tricks for, implementing automated web application security testing as part of the development process.
During the webcast, Ferruh explains how the web vulnerability checks in both the desktop and the cloud web application security scanners work. He also talks about how both the products and the security checks are thoroughly tested, giving a first-hand account of how important testing is in general. During the rest of the interview, Edward and Ferruh also talk about:
- the different ways to integrate web application security into continuous integration,
- how to configure and fine-tune your web security tools to ensure you get the most out of them,
- how much help such automated tools can be for developers and for writing secure code,
- and much more.
For the automation sceptics, Ferruh also explains in this interview that tools such as an automated web vulnerability scanner will never replace humans and manual penetration tests, but that the availability of such technology and automation has allowed businesses to find more vulnerabilities in their web applications efficiently, resulting in more secure web applications. In fact, if you are not using any automated tool to identify vulnerabilities on websites and web services, you are simply "wasting your customer's or your own time".