On 20 April 2011 15:14, davide sozzi <[email protected]> wrote:
> Hi,
>
> ok thanks but then this brings me to the next question: when a web
> scanner company says: "we cover all top10 OWASP risks" are they lying
> then (see Acunetix, Sandcat etc)?
>
Hi Davide, when companies say that they are compliant to something or
someone and they pretend to have the 'catch it all' tool 100% accurate, 100%
false positive free, 0 configuration ... well lying... what an ugly word...
salesmen don't lie, they tell you a 'different' truth.
It's the same story when consultancies say they are leaders of one
technology and so on, isn't it?
[1] 100% accuracy in security, I'm sorry but as Andres saw even with a
hybrid approach (black+white test) does *not* exist.
Ciao ciao
Paolo
--
"... static analysis is fun, again!"
OWASP Orizon project leader,
http://github.com/thesp0nge/owasp-orizon<http://github.com/owasp-orizon>
OWASP Esapi Ruby project leader,
https://github.com/thesp0nge/owasp-esapi-ruby