web application security lab

WhiteHatSec Tradeup Program

I personally thought this was pretty ballsy, and it’s not just because Jeremiah is a friend of mine. WhiteHatSec is offering a trade-up program for other security scanners. The deal essentially allows for a $10k-$30k credit to try Sentinel over any of the other commercial web application security scanners that your company may be using. Like I said, pretty ballsy.

This comes after a paper describing why web application security scanners have a hard time detecting the OWASP top 10. If they can’t find the top 10 then where’s their value? This is a pretty interesting way to put your money where your mouth is if you ask me. It’ll be interesting to hear people’s side-by-side evaluations of the current solutions they have and Sentinel once they’ve tried both.

4 Responses to “WhiteHatSec Tradeup Program”

  1. ChrisP Says:

    It could also be a marketing tactic. Web application security scanner usually admit the scanner can’t do 100% of the job. It’s good for detecting roughly 80% of the vulnerabilities. The remaining 20% need a (human) helping hand.

  2. ChrisP Says:

    sed 's/scanner/scanner vendors/' in my previous post

  3. ChrisL Says:

    Wow 80% Chris! That’s impressive. I can’t say I have that much faith left in these automated scanners.

  4. MikeA Says:

    The best that I really agree with is 50% on a scanner that is *really* tuned to how the site behaves. You can’t get any more than that as the rest is down to things that a scanner can’t possibly find - logic problems, disclosure of sensitive data, etc - all things that you have to have a human in front of (with a switched on brain - something I can’t say I always have 100% of the time!).

    I’m really surprised that anyone has the balls to give figures that are even approaching 100% - halting problem anyone? [http://en.wikipedia.org/wiki/Halting_problem]
