03-12-2013, 03:16 PM
alcstrategy
Quote:
Originally Posted by AJHall
IMO the only way to really know is to run penetration tests and use the same methods that hackers use to find exploits and breaches in software. Even someone "competent" is likely to miss something and no coder out there knows everything or will be able to identify every possible exploit.
With all respect, this is false. A "competent" person will find faulty code and logic better than any scanner, and that is how vulnerabilities are discovered. The trouble is most people who think they are competent actually aren't, and the scanners people rely on oftentimes miss many things.

There's a big difference between just a developer and someone specializing in security, and the big problem is few realize there's a difference.