http://blog.clearnetsec.com/articles/tag/securityassessment en-us 40 <a href="http://jeremiahgrossman.blogspot.com/2006/10/web-application-security-professionals.html">http://jeremiahgrossman.blogspot.com/2006/10/web-application-security-professionals.html</a><br /> <br /> <p> What caught my eye was #3. 71% responded they <b><i>never</b></i> "use a commercial web application vulnerability scanner during security assessments". </p> <p> That surprised me for a couple of reasons:<br /> <blockquote> 1. Clients frequently request the use of a commercial scanner<br /> 2. Many of the larger security services firms we deal with (i.e. give us projects) not only have a enterprise type license for one or more commercial tools but also require their use when doing a security assessment on their behalf. </blockquote> </p> Tue, 17 Oct 2006 14:59:00 -0600 urn:uuid:b6f10037-b524-4b34-bccd-7ccc99fc3f86 tate@ClearNetSec.com (Tate Hansen) http://blog.clearnetsec.com/articles/2006/10/17/informative-survey-from-jeremiah-grossman ClearNet Security Tate Hansen security assessment survey