The team I work in uses both automated scanners, along with a few humans testing (minimum of 2)… A good tester should know the weaknesses of the automated testers. The problem with automated testers, is, simply put, they are not human.
That is they will not have intuition that a given function in a website is vulnerable. When testing manually I find I get a feeling a function is vulnerable and then I concentrate on this perceived weakness. Automated testers also only typically test some predefined vulnerabilities and although constantly being improved, they are far from perfect.. IT PRO: Blogs: Dan Jones: Automated security testing & its limitations
From around the Web
- Users not patching third party apps
- Mozilla patches 12 Firefox bugs, a third of them critical
- IE 7 and 8 Default Security Leaves Intranets At Risk
- Microsoft ships fixes for Excel, WordPad malware attacks
- 15 Firefox addons for Web developers
- Windows 7 will nag users 29% less often, Microsoft claims
- Vista7 more secure than Linux and Mac OS X
- Conficker self updates, launches false infection alert
- SSH server attacks resurface
- Hacking Tools & Techniques and How to Protect Your Network from Them
- Microsoft Black Tuesday: Microsoft finally fixes Excel zero day, plus more
- Conficker self updates, launches false infection alert
- Conficker reprogrammed for new attack run
- Rogue security software a rising threat
- Further Windows 7 features revealed