Best Practices When Implementing Web Application Scanning into an SDLC

May 30, 2017 Matt Wilgus

Web application scanning, a type of dynamic application security testing (DAST), is an important component for organizations looking to provide a secure online offering to their clients.

Unfortunately, the historical “spider and scan” approach often falls short of expectations, leaving applications vulnerable. While this is sometimes due to scanning tools lagging behind newly deployed technologies, it is more often because the organization rolled out scanning in haste, and the people, processes, and technologies involved were never properly configured.

This article provides an overview of web application scanning, addresses some of the key areas to consider when implementing or updating a web application scanning program within a software development life cycle (SDLC), and explains how doing so can make applications more secure while reducing the resources that compliance efforts require.

Read the full article published in the May edition of the ISSA Journal.

About the Author

Matt Wilgus

Matt Wilgus is a Principal at Schellman, where he leads the Threat and Vulnerability Assessment offerings. In this role he heads the delivery of Schellman’s penetration testing services related to FedRAMP and PCI assessments, as well as other regulatory and compliance programs. Matt has over 20 years’ experience in information security, with a focus on identifying, exploiting and remediating vulnerabilities. In addition, he has vast experience enhancing client security programs while effectively meeting compliance requirements.
