Too Many Vulnerability Reports? Not Enough Real Vulnerabilities?

This article has been indexed from Security Boulevard

One of the most common issues with application security testing is being inundated with vulnerability reports that contain more vulnerabilities than a typical development team can handle. This includes reports from testing tools like SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing). The problem isn’t just the volume of vulnerabilities but the difficulty of determining which are real (as opposed to false positives), which are merely informational, which are severe or critical, which actually exist in the application (as opposed to only in a library that is included but not used by the application), and, perhaps most importantly, which are actually exploitable.

The post Too Many Vulnerability Reports? Not Enough Real Vulnerabilities? appeared first on K2io.

The post Too Many Vulnerability Reports? Not Enough Real Vulnerabilities? appeared first on Security Boulevard.
