|
|
The Upshot
 Web app scanners in this Rolling Review must not only find conventional weaknesses, like XSS and SQL injection vulnerabilities, but also thoroughly scan Ajax apps, in which part of the app is running locally in the browser.  There's no substitute for multilayered protection. Web app scanners, such as SPI Dynamics' WebInspect, should be just one element in a comprehensive setup that includes educating developers and integrating security reviews into the development lifecycle. Problem is, complex Ajax apps represent a new twist for these products, and we don't recommend purchasing a scanner that cannot handle Web 2.0 development tools, which are exploding in popularity.  While WebInspect suffered from some troubling errors and didn't handle our Ajax application gracefully, it showed a number of positives, including quick vendor updates, easy tweaks and customization, a well-designed interface, and powerful built-in extras. Test before you buy to determine whether WebInspect can handle your apps--or whether its failures in our tests are indicative of more pervasive problems.
FEATURED PRODUCT: |
Scan today's web applications with a tool that cannot parse Ajax, and you may be doing only half the job. RIAs move intelligence to browsers ... and we all know how secure browsers are. Moreover, Ajax-based Rich Internet Applications are generally written in at least two languages. Double the complexity, double the danger. Even so, in a SitePoint poll of 5,000 Web developers released in late 2006, 46 percent said they would use Ajax for Web projects within the next 12 months, compared with just 27 percent citing Flash. Security pros--and tool vendors--better get busy.
For this installment in our Web Application Scanners Rolling Review we brought SPI Dynamics' WebInspect 7.0 into our University of Florida Real-World Labs® and set it to sniff out vulnerabilities in three sample Web apps, all in use for real-world functions (see "Scouring Ajax," for the kickoff to this series).
|
This article is the first of a series and is part of NWC's Rolling Review of Web Applications Scanners. Click on that link to go to the Rolling Reviews home page to read all the features and reviews now. |
Pending 6GHz spectrum availability, faster speeds, and private wireless access use drive FWA forward.
The new HPE Aruba 730 series Wi-Fi 7 access points tout high performance, enhanced security, location tracking capabilities, and more.
Verizon is demoing crowd analytics technology that uses 5G along with AI and mobile edge computing to give stadium operators insights into the flow of fans throughout a venue.
