Re: [WEB SECURITY] Are there any disadvantage of Application Security SaaS offering?
- From: Mostafa Siraj <mostafa.siraj@xxxxxxxxx>
- Date: Tue, 21 Jul 2009 12:53:30 +0300
Hello Sutapa,

I guess there are many major disadvantages of using "Application Security"
SaaS; here are some that came to my mind:

1- If the Pen Test scanning (with WebInspect in the case of HP) is
performed remotely on your testing environment, it will have a major
performance overhead.
2- As you said, sharing your source code with a third party is not a very
smart thing to do.

I believe that the best thing to do is to buy an Engagement License, which
allows you to use their software at your own firm for 2 weeks or something.
This will help you get the cost reduction you want without exposing your
data to risk or having a performance overhead.

Regards,
Mostafa Siraj <http://allaboutapplicationsecurity.blogspot.com/>
Application Security Expert
ITWorx Egypt
www.ITWorx.com
On Tue, Jul 21, 2009 at 9:22 AM, sutapa dey <sutapaeie10@yahoo.co.in> wrote:
> Hi All,
>
> Today, there are a couple of vendors in the market, such as WhiteHat
> Sentinel and HP Application Security Center, who are offering application
> security software as a service. I accept that there are manifold advantages
> of a SaaS model, the prime one being cost reduction.
> But as every model has its own advantages as well as disadvantages,
> similarly SaaS with respect to app security also must be having some
> disadvantages.
>
> Just wanting to know your suggestions on what possible disadvantages SaaS
> for app security has. From my side, one suggestion may be that sharing
> "application code/application details" with a third party may pose a risk.
>
> Regards,
> Sutapa
--
"Our deepest fear is not that we are inadequate. Our deepest fear is that we
are powerful beyond measure. It is our light, not our darkness, that most
frightens us. We ask ourselves, who am I to be brilliant, gorgeous,
talented, and fabulous? Actually, who are you not to be? You are a child of
God. Your playing small doesn't serve the world. There's nothing enlightened
about shrinking so that other people won't feel insecure around you. We are
all meant to shine, as children do. We are born to make manifest the glory
of God that is within us. It's not just in some of us, it's in everyone. And
as we let our own light shine, we unconsciously give other people permission
to do the same. As we are liberated from our own fear, our presence
automatically liberates others." --Nelson Mandela--
Brought to you by http://www.webappsec.org