Cenzic has an open-signature format, with all existing signatures visible and written in JavaScript--a language any Web application assessment professional certainly should understand. Hailstorm doesn't have the slick extensions we found in SPI Dynamics' WebInspect 7.0--the first product in this Rolling Review--nor is its interface nearly as usable and pretty. But it was much more accurate in identifying vulnerabilities in our sample applications. It suffered fewer false positives and no false negatives (unless later scanners find new vulnerabilities).
In addition, though Hailstorm couldn't automatically spider our Ajax application, much as WebInspect failed to do, it did learn the site when we manually walked it through the application, a feat WebInspect could not manage.
Unfortunately, Hailstorm found no vulnerabilities after the scan. Is the result of a relatively small application that is simply well-written, or did Hailstorm miss faults? That will be obvious by the end of this Rolling Review series. Stay tuned.
Continue Reading This Story...
 |
|
|
NWC ANALYTICS
|
|
Don't Hate Me Because I'm Cramped
Verizon is demoing crowd analytics technology that uses 5G along with AI and mobile edge computing to give stadium operators insights into the flow of fans throughout a venue.
As we move closer to fully realizing the potential of Wi-Fi 7, it becomes evident that the RF, signaling, and throughput tests are not merely procedural checkpoints but the pillars of excellence in wireless communication.
With low earth orbit (LEO) satellites fast becoming the norm and 3GPP unifying telecom standards around the globe, the satellite IoT and machine-to-machine (M2M) sector ought to be looking at a bright horizon. But is this the case?
