Pravir,
HA! :D
(Knowing me, you can predict what I’m about to say)
YES, explaining what the tools will need to do correctly as they continue
their next-generation isn’t useful to a practitioner on this list today.
...
But, it is very important to understand-as a practitioner-what your too

I wouldn't say that NTO Spider is a "sort of" dynamic web scanner. It is a top
tier scanner that can battle head to head on false negative rate with the big
conglomerates' scanners: IBM AppScan and HP WebInspect. Larry Suto published
an analysis a year ago, that certainly had some flaws (and w

Chris -- Good point with Larry's paper. NTO Spider is, by design, a
simplified scanner for unskilled users, and I do not think it was
designed to be an effective tool for deep dynamic analysis of a web
application. It is, however, probably the best scanner on the market
for people who don't have th

Great answer, John. I especially like your point about web.xml.
This goes dually for black-box testing. There would be a lot of
advantage to being able to get (and compare) these types of config
files today for dialing in BBB (Better Black Box vs. blind black box)
testing. I don't think anyone is