Should You Use an Online Web Security Scanning Service or a Desktop Vulnerability Scanner?

Chances are, you’re well aware of the fact that many popular applications have moved from the desktop to the cloud over the past few years. Word processors, spreadsheets, accounting software and graphic design tools, in many instances, have all made the shift to cloud-based applications.
It should come as no surprise that web application vulnerability scanners are also available as cloud applications — often referred to as SaaS (software as a service).
As prevalent as cloud-based applications have become, there are still times when more traditional desktop applications remain the ideal choice. The question is, when evaluating a web application vulnerability scanner, how should you decide between a desktop application and a cloud service? Which one is most suitable for your particular use and which one will be most capable of meeting your needs in the future?
In this post, we’re going to take a closer look at some of the benefits and drawbacks of each option and help you to make a more informed decision in the process.
Desktop Web Application Vulnerability Scanners
From a technology standpoint, both the desktop and online web vulnerability scanners usually rely on the exact same technology. Ideally, you should be able to configure both versions in the same way. As well, the results from each application should be comparable, if not identical. However, this is a feature you should investigate prior to making a purchasing decision as not all scanners have the same capabilities.
There are a variety of other factors that should be considered when selecting the desktop version of a web application vulnerability scanner, including:
Updating the Vulnerability Database
For the end user, a locally installed application means you are responsible for keeping the application up to date. As new web application vulnerability checks are added to the database, most desktop applications will either automatically update or advise you that an update is available. However, in the end, the responsibility of ensuring that the software is up-to-date and properly maintained falls on the end user.
Reduced Scalability of Desktop Scanners
A locally installed web application vulnerability scanner relies on your individual hardware. That means the speed and scalability of scanning can vary greatly depending on the type of hardware you are running. Although your desktop application may allow you to launch multiple instances (and thus scan multiple web applications at once), you’ll eventually come up against hardware limitations.
In addition to hardware limitations, a desktop application offers less functionality in terms of collaboration, making it ideally suited for individuals or very small teams whose requirements are relatively limited.
However, don’t automatically assume that desktop vulnerability scanners are the best choice for someone working as an independent security professional or pen tester. If your objective is to scale your business, a cloud-based vulnerability scanner could still be a more appropriate solution.
Cloud-Based Web Application Vulnerability Scanners
Cloud-based web application vulnerability scanners offer a variety of features that make them different from (but not necessarily better than) desktop scanners. When making a decision between the two, you’ll need to carefully weigh the differences.
Functionality and Adaptability
Not all cloud-based scanners offer the same degree of configurability when compared to desktop scanners. A potential drawback of cloud-based applications is that they are often designed to appeal to a large number of users and, in most cases, that involves sacrificing certain functionality. If you’re selecting a cloud-based scanner, check to see what limitations (if any) might apply to your cloud-based solution.
Cloud-based Vulnerability Scanners are Low Maintenance
Cloud-based security scanners, unlike their desktop alternatives, offer a truly low-maintenance solution. Updating the database of vulnerabilities, improving the user interface and maintaining the hardware upon which the scanner runs are all the responsibility of the software provider. This frees up your resources, allowing you to spend more time on development and testing. It also saves you from having to maintain more expensive hardware.
Unprecedented Scalability
This is an area where cloud-based security scanners hold an edge over their desktop counterparts. You can easily scale from scanning a single web application to hundreds or even thousands with little additional effort and no additional resource requirements.
Easily Collaborate With Your Team
In instances where you’re working with a team of application developers or pen testers, cloud-based web application security scanners can offer a variety of advantages. The exact features will vary depending on the software, but here are some typical collaboration features to look for:
1. The ability to support multiple users with each user being granted customizable privileges.
2. The ability to monitor the activity logs of individual users.
4. Vulnerabilities marked as fixed are automatically rescanned, which dramatically reduces the need for detailed oversight.
Should you Choose a Cloud or Desktop Based Vulnerability Scanner?
As with everything security related, there is no perfect, “one size fits all” solution. Both desktop and cloud applications present a variety of advantages and disadvantages, the weight of which is influenced by your specific requirements and objectives.
Desktop-based web application vulnerability scanners are ideally suited to situations where scalability and collaboration are not overly important; scaling and collaborating with them would be possible but highly inefficient. While a desktop application might be capable of scanning hundreds of websites per month, it can be challenging to scale beyond that level.