Seven Signs You’re Not Ready to Run a Web Vulnerability Scan

Looking to hop aboard the Web vulnerability scanning bandwagon to see just how vulnerable your Web site or application really is? Well, not so fast. Here are some signs you’re not ready to begin just yet:
1. You don’t have any desired outcomes from your scanning other than a PDF report you can share with management. Put nothing into your scans and you’ll get exactly that.
2. You’re using an outdated, unproven, “free” scanner because people on the Internet said it was good. In terms of learning curve, finding the issues that matter, and reporting, a free scanner is often the costliest tool of all.
3. You haven’t bothered to at least read the included documentation to learn the basics on how to use the scanner. Entering a URL and blindly clicking Go is a surefire way to not only get very little out of what you’re doing but to also create a false sense of security that all’s well if nothing is found.
4. You’re doing it to please someone else – or shut someone else up – and aren’t going to take any real action on the findings. Creating the facade that you’re doing the right thing in the name of “audit” or “compliance” creates more risks than it mitigates.
5. You’ve gotten the impression that all you (continue reading...)