The Right Tool for the Right Job: An Application Security Tools Report Card: Focus on AJAX, Application Security, Security Threats, Vulnerability Management, Web Services

Security Park, the leading online news site for security professionals

Security News Security companies Jobs forum Knowledge base White papers Research library Security books Special reports Security links Security events Classifieds Directory GET LISTED!

Access Control Biometrics CCTV Intruder Alarms IT Security Manned Guarding Perimeter Protection Physical Security Remote Monitoring Security Services Fire, Health & Safety Other Security Products

Bank and financial services security Buildings and office security Education and school security Entertainment and events security Homeland and Government security Hospital and healthcare security Infrastructure and utilities security Manufacturing and industrial security Public sector security Residential and home security Retail security SME security Sports and recreational security Transport and logistics security

Develop an ISO 27001-compliant Information Security Management System This useful guide clarifies the steps you have to follow to develop an ISO 27001-compliant ISMS. Each step is integral in how secure your information security system is.

Need a
reference book?
Find it on Amazon:

Security books and magazines in association with Amazon.co.uk

SecurityPark Research Library

The Right Tool for the Right Job: An Application Security Tools Report Card
sponsored by Ounce Labs

Posted:	08 May 2008
Published:	08 May 2008
Format:	PDF
Length:	20 Page(s)
Type:	White Paper
Language:	English

Get this Document

E-mail this to a colleague!

ABSTRACT: In the ever changing landscape of application security, how does an organization choose the right set of tools to mitigate the risks their applications pose to their environment? Equally important: how, when, and by whom are these tools used most effectively? This paper examines the most common tools found in the enterprise application security environment: Web Application Firewalls (WAF) Web Application Scanners (WAS) Source Code Analyzers (SCA) Each tool is evaluated and compared in terms of how they address critical vulnerabilities, beginning with the Top Ten Vulnerabilities identified by the Open Web Application Security Project (OWASP). The paper will provide an at-a-glance "report card" to help ensure that organizations devising their application security strategy have an informed understanding of the approach of each tool, its method for addressing security flaws, and its efficiency and effectiveness in eliminating security threats to data through applications.

AUTHOR: Ryan Berg Co-Founder and Chief Scientist, Ounce Labs Ryan Berg is a Co-Founder and Chief Scientist for Ounce Labs. In addition to advancing the state of the art in application security technologies, Ryan is also a popular speaker, instructor, and author, in the fields of security, risk management, and secure development processes. He holds patents and has patents pending in multi-language security assessment, kernel-level security, intermediary security assessment language, and secure remote communication protocols. Prior to Ounce, Ryan co-founded Qiave Technologies, a pioneer in kernel-level security, which was later sold to WatchGuard Technologies in October of 2000. In the late 1990s, Ryan also designed and developed the infrastructure for GTE Internetworking/Genuity’s appliance-based managed firewall and security services.

BROWSE RELATED RESOURCES:

AJAX | Application Security | Security Threats | Vulnerability Management | Web Services

View All Resources sponsored by Ounce Labs

Library Home | Advertise with Us | Product Library

SecurityPark Research Library Copyright © 1998-2008 Bitpipe, Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
TechTarget · 117 Kendrick St · Needham, MA · 02494
Use of this web site constitutes acceptance of the Bitpipe Terms and Conditions and Privacy Policy.
webmaster@bitpipe.com