IBM AppScan is a good tool for detecting security breaches in web applications. Has anybody ever studied it? Typically, AppScan can find 10 main attacks, including:
The typical 10 security breaches
- XSS,
- SQL (Code) Injection,
- Malicious file execution,
- Insecure direct object references,
- CSRF,
- Information leakage and improper error handling,
- Broken authentication and Session management,
- Insecure cryptographic storage,
- Unsecured communication,
- Failure to restrict URL access