Web development experts believe that the vulnerability scanning tools available these days are not keeping up with the rapidly changing commercial as well as Custom Web Application Development technology. The Black Hat speakers say that there is growing gap between vulnerability scanners or bug-finding tools and web applications in terms of technology, and this is providing opportunities for attackers. These experts asserts that web applications and testing data has to be analyzed by individuals and not tools, so as to identify the wide range of impactful susceptibilities. As a matter of fact, testing tools are not meant to find vulnerabilities, and only guides the knowledgeable person to identify the susceptibility, if any.
The conventional tools are not able to cover many things like login mechanism flaws, some input validation and session management weaknesses, weak passwords, and gotchas in application logic etc. The same problem is seen with mobile devices other issues with network infrastructures. With security testing resources stretched a lot, the organizations are only able to conduct too much manual testing and so they have to rely on semi-automated testing. However, individuals are trying to leverage the tools in unconventional ways and are writing custom scripts to perform commercial and Custom Web Applications inspection in a better way.
Seeing this phenomenon, more and more companies are taking their web security to the next level, and are trying to use products like, Cenzic Hailstorm, which is an award-winning product for offering automated continuous security assessment of both commercial and custom web applications throughout the software development procedure.