Is ignorance bliss?

Dark Reading writes that many organizations are hesitant to scan applications for vulnerabilities, preferring to focus resources on the front end of the development cycle rather than searching for vulnerabilities later. The result is that these organizations are unaware of their vulnerabilities and therefore cannot address them, even though the vulnerability landscape is dynamic and unknown vulnerabilities will eventually be found and exploited.

Takeaway: You can’t fix what you don’t know about, and you can’t know about everything. Scanning applications for vulnerabilities is useful, but it is even better to supplement scanning with an active defense, such as a web application firewall, that provides protection even before vulnerabilities are found.