Informative survey from Jeremiah Grossman
Posted by Tate Hansen Tue, 17 Oct 2006 20:59:00 GMT
http://jeremiahgrossman.blogspot.com/2006/10/web-application-security-professionals.html
What caught my eye was #3. 71% responded they never "use a commercial web application vulnerability scanner during security assessments".
That surprised me for a couple of reasons:
1. Clients frequently request the use of a commercial scanner
2. Many of the larger security services firms we deal with (i.e. give us projects) not only have an enterprise-type license for one or more commercial tools but also require their use when doing a security assessment on their behalf.
