[转载]Web Application Vulnerability Assessment Essentials

信息来源：邪恶八进制信息安全团队（www.eviloctal.com）

This article, the first in a three-part series, will provide an overview of what you need to know to perform a vulnerability assessment to check for web security risks. It'll show you what you can reasonably expect a web application security scanner to accomplish, and what types of assessments still require expert eyes. The following two articles will show you how to remedy the web security risks a vulnerability assessment will uncover (and there'll be plenty to do), and the final segment will explain how to instill the proper levels of awareness, policies, and technologies required to keep web application security flaws to a minimum—from an application's conception, design, and coding, to its life in production.