Enterprise Security Weekly #81 [Video]

DZone 's Guide to

Enterprise Security Weekly #81 [Video]

In this interview, a security expert and executive discusses some of the biggest challenges facing the cybersecurity field today.

· Security Zone ·
Free Resource

Ferruh Mavituna, Founder and CEO of Netsparker, was interviewed by Paul Asadoorian and Dr. Doug White during the Enterprise Security Weekly podcast show #81. During the interview, Ferruh talked about:

  • The current focus for Netsparker - scanning at scale. Netsparker Cloud is helping enterprises with thousands of web applications to find vulnerabilities automatically and then begin to take remediation action without delay. Large organizations still suffer data breaches and web application vulnerabilities remain the most common source.
  • He then highlighted the need for product honesty in the web application security industry, as the problem of false positives and poor accuracy can lead to a loss of trust by some organization leaders. Scanners that don't tackle the problem of false positives, can discredit the process and create problems with technology teams when dealing with management.
  • There was a discussion about the relationship between dynamic analysis tools like Netsparker and static analysis tools. Ferruh's view was that the integration of these tools was good to pinpoint vulnerabilities, and suggested the possible use of dynamic tools to validate the findings of the static ones.
  • On the questions of performance that he emphasized was that once a company moves from Netsparker Desktop to Netsparker Cloud, scalability is no longer an issue, since many hundreds and thousands of websites can be scanned at once. Inaccurate scanners that generate large numbers of false positives and false alarms are an impediment to working at scale in any organization, especially one with multiple security problems and priorities to weigh up. What is vital for such organizations is end-to-end vulnerability management: detection, proof of exploit, details including threat levels and remediation advice.
  • It turns out that the biggest challenge to IoT devices is that their code is often written by non-web developers, and therefore don't use the typical queries, language, servers or observe the expected coding standards.
  • Ferruh confirmed that Netsparker will be exhibiting at the RSA Conference 2018 in San Francisco. He extended an invitation to any businesses interested in web application security challenges, including scalability, to come and talk to him there.

cybersecurity, data security, security, security testing, web application security

Published at DZone with permission of Robert Abela , DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}