WebApp Sec mailing list archives
RE: Spi's products worth a try? Or any suggestions for developer s' tool?
From: Jeff Robertson <jeff.robertson () digitalinsight com>
Date: Mon, 7 Nov 2005 07:37:54 -0500
I would suggest that what will reduce the testers' time is teaching the developers to code securely. I know that sounds like a tautology, but they're going to have to know it anyway if you expect them to make sense of what they get out of a scan. In any case, I would think that source code analysis would be the most useful tool for developers. Developers think in terms of code, and you aren't going to change that. Hit them where they live. Sorry, I can't recommend any ;-) Jeff Robertson Manager of Web Application Security Digital Insight
-----Original Message----- From: Aman Raheja [mailto:araheja () techquotes com] Sent: Friday, November 04, 2005 12:40 To: webappsec () securityfocus com Subject: Spi's products worth a try? Or any suggestions for developers' tool? Hello Anyone has any experiance with Spi's tools for web application vulnerability scanning? http://www.spidynamics.com/products/index.html I need to suggest developers' tool so that they can self assess their application and reduce the overhead of the testing team. Any advice? Thanks in advance. Regards Aman Raheja http://www.techquotes.com
Current thread:
- RE: Spi's products worth a try? Or any suggestions for developer s' tool? Jeff Robertson (Nov 07)