Should You Use an Online Web Security Scanning Service or a Desktop Vulnerability Scanner?
Chances are, you’re well aware of the fact that many popular applications have moved from the desktop to the cloud over the past few years.
Word processors, spreadsheets, accounting software and graphic design tools, in many instances, have all made the shift to cloud-based applications. It should come as no surprise that web application vulnerability scanners are also available as cloud applications — often referred to as SaaS (software as a service).
As prevalent as cloud-based applications have become, there are still times when more traditional desktop applications remain the ideal choice. The question is, when evaluating a web application vulnerability scanner, how should you decide between a desktop application or cloud service? Which one is most suitable for your particular use and which one will be most capable of meeting your needs in the future?
In this post, we’re going to take a closer look at some of the benefits and drawbacks of each option and help you to make a more informed decision in the process.
From a technology standpoint, both the desktop and online web vulnerability scanners usually rely on the exact same technology. Ideally, you should be able to configure both versions in the same way. As well, the results from each application should be comparable, if not identical. However, this is a feature you should investigate prior to making a purchasing decision as not all scanners have the same capabilities.
There are a variety of other factors that should be considered when selecting the desktop version of a web application vulnerability scanner, including:
For the end user, a locally installed application means you are responsible for keeping the application up to date. As new web application vulnerability checks are added to the database, most desktop applications will either automatically update or advise you that an update is available. However, in the end, the responsibility of ensuring that the software is up-to-date and properly maintained falls on the end user.
A locally installed web application vulnerability scanner relies on your individual hardware. That means the speed and scalability of scanning can vary greatly depending on the type of hardware you are running. Although your desktop application may allow you to launch multiple instances (and thus scan multiple web applications at once), you’ll eventually come up against hardware limitations.
In addition to hardware limitations, a desktop application offers less functionality in terms of collaboration, making it ideally suited for individuals or very small teams whose requirements are relatively limited.
However, don’t automatically assume that desktop vulnerability scanners are the best choice for someone working as an independent security professional or pen tester. If your objective is to scale your business, a cloud-based vulnerability scanner could still be a more appropriate solution.
Cloud-based web application vulnerability scanners offer a variety of features that make them different from (but not necessarily better than) desktop scanners. When making a decision between the two, you’ll need to carefully weigh the differences.
Not all cloud-based scanners offer the same degree of configurability when compared to desktop scanners. A potential drawback of cloud-based applications is that they are often designed to appeal to a large number of users and in most cases, that involves sacrificing certain functionality. If you’re selecting a cloud-based scanner, check to see what limitations (if any) might apply to your cloud-based solution.
Cloud-based security scanners, unlike their desktop alternatives, offer a truly low maintenance solution. Updating the database of vulnerabilities, improving the user interface and maintaining the hardware upon which the scanner runs are all the responsibility of the software provider. This frees up your resources, allowing you to spend more time on development and testing. It also saves you from having to maintain more expensive hardware.
This is an area where cloud-based security scanners hold an edge over their desktop counterparts. You can easily scale from scanning a single web application to hundreds or even thousands with little additional effort and no additional resource requirements.
In instances where you’re working with a team of application developers or pen testers, cloud-based web application security scanners can offer a variety of advantages. The exact features will vary depending on the software, but here are some typical collaboration features to look for:
1. The ability to support multiple users with each user being granted customizable privileges.
2. The ability to monitor the activity logs of individual users.
4. Vulnerabilities marked as fixed are automatically rescanned which dramatically reduces the need for detailed oversight.
As with everything security related, there is no perfect, “one size fits all” solution. Both desktop and cloud applications present a variety of advantages and disadvantages, the weight of which is influenced by your specific requirements and objectives.
Desktop-based web application vulnerability scanners are ideally suited to situations where scalability and collaboration are not overly important; using one where they are would be possible but highly inefficient. While a desktop application might be capable of scanning hundreds of websites per month, it can be challenging to scale beyond that level.
In contrast, cloud-based web application vulnerability scanners can potentially offer the same functionality as their desktop counterparts (not all do). In situations where scalability, collaboration and low maintenance are important, cloud-based solutions are usually the best option.