After using various dynamic scanner tools such as AppScan, Micro Focus Fortify, Contrast, and Checkmarx, we discovered that the number of false positives we were picking up began increasing over time, while the number of valid issues was very low. Thus, we decided to use Seeker (an interactive scanner) for our security scans instead, because it allowed us to lower the amount of false positives while simultaneously improving our security coverage. Since Seeker is an agent-based tool, we can integrate it in any area, such as our automation area or functional test area, meaning that whatever gets covered as a part of automation or functional tests will also be reviewed by Seeker. In this way, our coverage is dramatically increased, and at the time that we procured Seeker, we found that the rule sets were at least 75% as comprehensive as the rule sets found in any other dynamic scanner. Seeker's R&D team gave us a very good view of what their plans were and they have continuously added new rules and checkers to the tool. This was another of the main reasons why we went for Seeker as our IAST tool in the first place. In my company, there are around 20 staff members from our security team who use Seeker directly. We also have what we call "security satellites", each with their own ID, across our applications and products, and counting these would put the total users of Seeker at around 45 people.
Internet security encompasses all activities that play a role in managing and protecting any environment from potential cyber risks or threats resulting from interacting with web browsers, web applications, websites, networks, and online behaviors.