Home page logo

educause logo Educause Security Discussion mailing list archives

application vulnerability scanning solutions in use
From: "Shamblin, Quinn" <qrs () BU EDU>
Date: Tue, 23 Oct 2012 20:17:37 +0000

Hello All,

A few questions related to application vulnerability scanning and management:

*         Do you have a program to ensure that applications are tested for vulnerabilities?

o   Is it embedded in the application QA or release process, or is scanning done once the app is in prod (or both)?

o   Who runs the tests?  (Developers?  QA?  InfoSec personnel?  Other?)

*         What tool do you use for static cost testing?

*         What tool do you use for dynamic code testing?

o   Do you credentialed scans or anonymous only?

This question was cross posted to educause and Ren-Isac.  I will post some de-identified statistical results back to 
both lists.

Thanks all!

Quinn R Shamblin
Executive Director of Information Security, Boston University
CISM, CISSP, GCFA, PMP  -  O 617-358-6310  M 617-999-7523

  By Date           By Thread  

Current thread:
  • application vulnerability scanning solutions in use Shamblin, Quinn (Oct 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]