A vulnerability scan plan
Conventional wisdom says that looking for trouble isn't a good idea. When it comes to IT security, however, finding system troubles before anyone else does is the name of the game. In this special section, eWeek Labs examines the state of the art in security vulnerability detection from several angles.
It's cheapest—and most effective—to fix problems while they are in development, and I evaluate two tools designed to detect application security problems before they become security risks: Sanctum Inc.'s AppScan 3.0 and SPI Dynamics Inc.'s WebInspect 2.0.
[ Read more ]