Dynamic application security testing: Difference between revisions

Content deleted Content added
NEUrOO (talk | contribs)
NEUrOO (talk | contribs)
Line 6:
== Strengths and weaknesses ==
The web application security scanner is not a perfect tool, it has strength and weaknesses.
*=== Weaknesses and limitations: ===
** Because the tool is implementing a dynamic testing method, it cannot cover 100% of the source code of the application and then, the application itself.
** It is really hard for a tool to find lots of logical flaws such as the use of weak cryptographic functions
** Even for technical flaws, if the application doesn't give enough clue, the tool cannot catch it
** The tool cannot implement all variants of type of attacks for all vulnerabilities, this would take too long time to launch every attacks
*
 
=== Strength ===
* The tool is able to analyze the finalize product
* It simulate a real attacker by performing attack and try to probe what vulnerabilities are beside the result
* As a dynamic tool, it is not language dependent. A web application scanner is able to scan a JSP or PHP application with the same engine.
 
== Some Instances ==
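Review bot: In the weaknesses list, the bullet "It is really hard for a tool to find lots of logical flaws such as the use of weak cryptographic functions" gives an example that does not match its category. A weak cryptographic function is an implementation choice that a black-box scanner usually cannot observe, not a flaw in the application's logic. I would split this into two bullets, one for business-logic flaws and one for weaknesses that are invisible from outside, such as the choice of cryptographic primitive. In the same hunk, the heading "=== Strength ===" should be plural to match "== Strengths and weaknesses ==". "The tool is able to analyze the finalize product" and "It simulate a real attacker" need grammar fixes ("finalized", "simulates"), and "try to probe what vulnerabilities are beside the result" is unclear enough to need rewording. If the line shown as "*=== Weaknesses and limitations: ===" is the resulting text and not an overlay of the old and new markup, drop the leading "*" so the heading renders, and remove the lone "*" after the last weakness bullet. None of the claims in the section carries a citation.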