Good Web Security Tools and Why They Matter

Like chemists, carpenters and doctors, those of us working in IT need good tools if we’re expected to do a good job. When dealing with application security, good security testing tools will always set the professionals apart from the amateurs. In fact, the quality of your tools for performing a site security audit will have a direct impact on the number of vulnerabilities you discover and the overall success of your testing.

Many have argued – myself included – that you cannot rely on tools alone to find all security vulnerabilities. This is absolutely correct. In all but the most basic security checks, you have to rely on experience and technical knowledge to root out the less-than-obvious vulnerabilities that blackbox scanners simply cannot find. That said manual testing alone is just too time consuming, limited and, for many, downright difficult. A good balance of tools and manual analysis is needed.
The major issue here is that selecting ineffective security testing tools can be a costly venture. I’ve burned thousands of dollars and countless hours (continue reading...)