.svg)
.svg)
Are there too many tools?
There are a lot of security testing tools trying to do the same thing... or are there? Some tools appear to be doing the same things at surface level, but their scanning abilities may differ in certain areas.
There are a lot of tools trying to do the same thing, we're frequently seeing tools where there are very marginal differences in terms of what they are capable of creating as output.
Having said that, there are also a lot of tools that appear to be doing the same thing at surface level, but they actually excel far better with some technologies versus others. You can take two different DAST scanners, for instance, and if you tried to compare them on one metric like what types of vulnerabilities they're trying to detect, then you'd find that one of them is trying to detect 4,600 vulnerabilities, whereas the other is trying to detect 4,800 vulnerabilities.
You could easily ask here, why do they both exist then? Well, one tool could be trying to detect them against PHP, and one could be trying to detect them against ASP. When you look at tools that way, you realise that there is actually an incredibly diverse portfolio of different tools that an organisation has to choose from.
The challenge is not that there are too many tools with little variation, it's understanding how they are able to differentiate those tools. If you are able to know how to do that and how to interpret the information available to you, then having loads of tools presents endless opportunities as opposed to a burden of choice.
.svg)
Get a Free Trial From Cytix
Haven’t tried Cytix yet? Try our free trial to see how it works.
Get a Free Trial
.svg)
.svg)
Start Detecting Vulnerabilities Others Miss Today
- Detect Vulnerabilities Faster
- Patch Vulnerabilities Faster
- Be more compliant
.
28 Apr
2024
How do you understand performance over time?
.svg)
In order to get to grips with the performance of your software or product over time, you really need to be taking incremental measurements of your cybersecurity.
.
21 Apr
2024
Will there come a day where there are 0 vulnerabilities to find?
There's a growing potential for AI to remove many sources of vulnerabilities, but does that mean we're going to see a day where code is being written without any vulnerabilities being introduced into systems?
.
21 Apr
2024
How do you work out MTTR (Mean Time to Response)?
MTTR is all about looking at where you're handing your information over to the people who are responsible for fixing the vulnerabilities. Once it's handed over, the process has begun. So, we know where the timer starts, but where does it end? When have we determined that the response period is finished?
