About Automated Vulnerability Discovery Changes

We are about to deploy a major improvement of our automatic web security testing technology. This improvement makes the Scanner, from the online Suite, more complete and the Foundation much faster.

So what are these improvements? Well, it boils down to how we craw your applications. Up until this point both Foundation and Scanner were using the same strategy and that is to spider the pages and try a few mutations when generating the requests. With the new changes in place, the Foundation tool will only do spidering making it a lot quicker without huge sacrifice in terms of vulnerability coverage. The Scanner, on the other hand will become a lot more complete performing not only spidering but also a dozen of mutation techniques for full coverage.

But wait! You may be thinking that the Scanner will become slower. While, the amounts of requests the Scanner generates may increase, we have added several small improvements that will make the overall performance better and reduce the runtime. The overall effect of these changes should be a visibly improved experience.

We have scheduled more work in this area aiming to make our testing technology the most performant. It is nearly there and we are way ahead to make our mid-term goals reality.

Stay tuned.