After using various dynamic scanner tools such as AppScan, Micro Focus Fortify, Contrast, and Checkmarx, we discovered that the number of false positives we were picking up began increasing over time, while the number of valid issues was very low. Thus, we decided to use Seeker (an interactive scanner) for our security scans instead, because it allowed us to lower the number of false positives while simultaneously improving our security coverage. Since Seeker is an agent-based tool, we can integrate it in any area, such as our automation area or functional test area, meaning that whatever gets covered as a part of automation or functional tests will also be reviewed by Seeker. In this way, our coverage is dramatically increased, and at the time that we procured Seeker, we found that the rule sets were at least 75% as comprehensive as the rule sets found in any other dynamic scanner. Seeker's R&D team gave us a very good view of what their plans were and they have continuously added new rules and checkers to the tool. This was another of the main reasons why we went for Seeker as our IAST tool in the first place. In my company, there are around 20 staff members from our security team who use Seeker directly. We also have what we call "security satellites", each with their own ID, across our applications and products, and counting these would put the total users of Seeker at around 45 people.
Internet Security protects computer systems and networks from data breaches, hacks, and other cyber threats. It encompasses a range of tools and protocols designed to safeguard sensitive information while ensuring uninterrupted access to legitimate users. To navigate the complex landscape of Internet Security, IT professionals must consider not only the technical aspects of securing data but also how these solutions integrate with existing infrastructures. Effective Internet Security provides...