Differences Between Web Application Scanning Tools When Scanning for XSS and SQLi

Explore an in-depth investigation into how web application scanning tools differ in detecting XSS and SQL injection vulnerabilities in this AppSecUSA 2017 conference talk. Delve into the challenges automated scanners face as web technologies evolve, using the 2015 TalkTalk hack as a case study that highlights why secure web applications matter. Examine how various scanning tools attempt to identify these dangerous vulnerability classes and how modern development frameworks affect their effectiveness. Learn about the problems scanners encounter with both traditional and contemporary web architectures, including Anti-CSRF tokens, recursive links, and dynamically generated URLs. Gain insights into potential improvements for automated scanning and understand the pitfalls of relying solely on automation without applying intelligence and context. Benefit from the expertise of Robert Feeney, SecOps Lead at Edgescan, as he shares his knowledge of web application security and managed services.