Web Application Security Poll


Jeremiah posted a Web Application Security Assessment Poll. My responses:

1) How many web application security assessments will you perform in 2006?
c) 10-25 (I've moved off to code review)
2) What vulnerability reporting standard do you utilize most often?
d) Proprietary
3) Do you use commercial web application vulnerability scanners during security assessments?
d) Most of the time
4) Average number of man-hours required to perform a thorough web application vulnerability assessment on the average commerce website?
e) 40+
5) Do you recommend Web Application Firewalls?
b) no
6) What do you think about the updated PCI Data Security Standard v1.1?
c) Step in the right direction
7) Checking for XSS on public websites without permission?
d) Don't know (Grey area)

Thanks for the poll, Jeremiah.