January 14, 2008

Making the case for Web application vulnerability scanners

Filed under: News — Grace @ 1:05 am

Organizations of all sizes use Web applications to deliver services and expand business processes. However, hackers are always searching for weaknesses within these online applications, as they can represent a gateway into valuable back-end databases. With the advent of Web 2.0 features, including blogs, wikis, RSS and other advanced Internet technologies, Web applications are powerful, complex and constantly changing, increasing the likelihood of new vulnerabilities within an application.

To help developers track down potential security holes, a host of tools called Web application vulnerability scanners is available. Their aim is to automate and speed up a process that, when performed manually, is long and painstaking. Scanners crawl through a Web site, inject various attack scenarios, and compare the application’s responses against a database of security vulnerability signatures.

Despite their usefulness, Web application vulnerability scanners have not become a must-have for every development team, largely because of cost. Yet there are several good open source scanners available for free. In this tip, we’ll examine a few other reasons for the holdup in Web application vulnerability scanner adoption.

Continue reading here: searchsecurity.techtarget.com
