Application Security

Inconsistent Scan Results (Dynamic & Static)

Day in, day out, the office has multiple dynamic and static scans in progress. This has been the case for the past 4+ years. Two things stayed constant while time passed and team members changed: myself, and the routine complaint that scan results were inconsistent. Be it dynamic or static, the results varied from one run to the next even when all other factors, such as the code/app version and scanner settings, remained unchanged.

With the scanners being proprietary, we had little insight into their internals. What followed all this time was ticket after ticket after ticket after ticket on the vendor portal.

The Horse Refuses to Drink

There is an age-old saying: "You can take the horse to the water but you cannot force the horse to drink." Reflecting on this, I could think of two reasons: either the horse isn't thirsty or .....

It's common knowledge that web applications today are prime targets for attackers. Across all reports you will easily see them taking the honours. Now consider the fact that knowledge about the types of attacks and the remediation measures is available across the net to an extent never seen before. Handy tutorials and remediation guides exist to assist developers in their fight against hackers. Trusted reusable components are available to avoid reinventing the wheel and shorten development time. Scanners and tools are available to perform line-by-line code reviews or testing with the latest rulepacks.


