Posts

Showing posts from February, 2011

ASP.NET Security: A case using WebInspect

Recently a client contacted me and showed me an application developed in ASP.NET and SQL Server. They explained to me that the temporary site they had implemented on a hosting service was tested for vulnerabilities using WebInspect (a web security scanner from HP), and the results were alarming. The final user, a well-known local bank, outsourced the vulnerability detection service to a Canadian company, which in turn submitted a report from the tool after a 4-day scan. Web security is a concern, especially for a bank. In an interesting study, WhiteHat Security Inc., a US company based in Santa Clara, CA, found that "the average website had nearly 13 serious vulnerabilities" and "Banking, Insurance, and Healthcare industries performed the best overall regarding the average number of serious vulnerabilities having 5, 6, and 8 respectively. The worst were the IT, Retail, and Education sectors with an average of 24, 17, and 17." This study was conducted