In this special section, eWeek Labs examines the state of the art in security vulnerability detection from several angles. It's cheapest--and most effective--to fix problems while they are in development, and I evaluate two tools designed to detect application security problems . . .
In this special section, eWeek Labs examines the state of the art in security vulnerability detection from several angles. It's cheapest--and most effective--to fix problems while they are in development, and I evaluate two tools designed to detect application security problems before they become security risks: Sanctum Inc.'s AppScan 3.0 and SPI Dynamics Inc.'s WebInspect 2.0.

Both of these products scan only Web applications, however. For ongoing security tests of other pieces of IT infrastructure (such as operating systems, server software and network systems), organizations will need a comprehensive vulnerability scanner. eWeek Labs East Coast Technical Director Jim Rapoza reviews one such scanner, Foundstone Inc.'s FoundScan 2.5. FoundScan is targeted at very large enterprises with hundreds of thousands of servers to manage.

The link for this article located at eWeek is no longer available.