GJones wrote:Good evening.
I hope some chap can tell me why do I need to run security test over and over again?
Cheers
Hey GJones, thanks for posting your question on the eValid forum.
The short answer is, because the exploit may not be apparent now, but it might be later. You have to catch it when it is "alive".
A SQL injection exploit, for example, is done by spoofing a user in an included JavaScript based SQL interface request. The exploit works when you visit that particular page which might contain content that is NOT from your own website.
To catch that error you have to visit the page, and THEN run the scan for weakness in that page. But the hackers are smart; the exloit may no be there every time.
So actually trying the page to confirm it has NOT been hacked (that is, is secure) is actually a reasonable to do. The comfort you get is that you are very likely to detect an incursion.
Here is a summary of technical resources that the eValid suite has available to apply to general questions of cybersecurity:
http://www.e-valid.com/Products/Documen ... mmary.html-- eValid Support
by GJones » Thu Apr 17, 2014 2:15 pm