Just a quick post to give props to our friends at Acunetix. For the third year in a row, they've won the Reader's Choice award from WindowsSecurity.com. Congratulations!
Interestingly enough, I spent time this week in both Detroit and Cleveland helping a software development firm and a publicly traded company learn how to find and fix vulnerabilities like XSS and SQL injection using Acunetix WVS. At both locations, it was encouraging to have not just security managers present, but also Java and .NET web developers, analysts, Windows and Linux system engineers, and SQL, MySQL, and Oracle DBAs. To me this indicates a growing understanding that keeping web applications secure is a cross-team effort. And it must begin before the application is released to production.
To echo the sentiment of WindowsSecurity.com readers, let me close this post by sharing a quote from a DBA participating in the session:
"Acunetix just paid for itself!"
So what prompted this exclamation? Acunetix WVS found a series of exploitable SQL injection holes missed by their PCI/DSS auditor's tool. In fact, there was no trace at all of any SQLi holes in the auditor's scan report. And both tools scanned the same code...
Props to Acunetix!
Si...