Are there too many tools?
There are a lot of security testing tools trying to do the same thing... or are there? Some tools appear to be doing the same things at surface level, but their scanning abilities may differ in certain areas.
There are a lot of tools trying to do the same thing; we're frequently seeing tools with only marginal differences in the output they are capable of producing.
Having said that, there are also a lot of tools that appear to be doing the same thing at surface level but actually perform far better with some technologies than with others. Take two different DAST scanners, for instance: if you compared them on a single metric, such as the types of vulnerabilities they try to detect, you might find that one of them tries to detect 4,600 vulnerabilities whereas the other tries to detect 4,800.
You could easily ask, why do they both exist then? Well, one tool could be trying to detect those vulnerabilities in PHP applications, and the other in ASP applications. When you look at tools that way, you realise that there is actually an incredibly diverse portfolio of tools for an organisation to choose from.
The challenge is not that there are too many tools with little variation; it's understanding how to differentiate between those tools. If you know how to do that and how to interpret the information available to you, then having loads of tools presents endless opportunities rather than a burden of choice.