
SaaS security solutions such as "WhiteHat Sentinel" and "Fortify on Demand" are getting popular nowadays. The methodologies of both describe manual verification as part of the process. Does this qualify the application security assessment report produced by them as a penetration test report, or would it still be considered a VA (vulnerability assessment) report? Does anyone have an understanding of how these solutions work?

Also, are there any proper standards defined by an established organization such as NIST, OWASP, SANS, etc. for qualifying an assessment as a penetration test?

Thanks

PS: I do know the difference between a VA and a PT.

  • “Who do you think is qualifying the report?” is the real question. If this is to meet an internal company requirement for pen testing, you should refer to your company’s security policy. If this is to meet a PCI QSA’s evidence requirement, you should ask the QSA. – John Deters Dec 21 '18 at 19:01

0 Answers