Untangling Web App Security


With the increased use of Web applications, businesses have had to peel back a layer in their perimeter defenses and give public network traffic access to internal applications. The result is a rise in network security problems, and an increase in the need to audit and thoroughly check publicly facing code for potential security vulnerabilities. Unfortunately, security expertise is in short supply. WebInspect 3.0 from SPI Dynamics aims to fill that gap by automating the tasks necessary to perform security audits. WebInspect is a remote assessment tool, meaning that it performs its audits solely by means of the same HTTP calls to which an attacker would have access. Administrators can add custom checks to find problems that are specific to a particular application. [Full story at InfoWorld...]

This is the review I was doing when I stumbled and caused myself and others some grief. Nice to have that chapter closed.