Network Security: Detailed info on Environment for testing WebApp Security Scanners

Subject:	Environment for testing WebApp Security Scanners
Date:	Mon, 07 Aug 2006 22:33:02 +0200

Subject:

Environment for testing WebApp Security Scanners

Date:

Mon, 07 Aug 2006 22:33:02 +0200

Hi!

I?m currently working on my bachelor thesis which is about the development of a testsuite for different Web Application Security Scanners. My goal is to provide an environment which can be used as a basis for testing and evaluating the performance of the many tools already existing. Consequently the main part of my work will be to implement different types of vulnerabilites in more or less realistic scenarios and with different characteristics. At the moment I?m planning to use OWASPs WebGoat as some kind of groundwork. My questions: Which "features" would you consider to be necessary or useful in this context? And what basic requirements do you see which should be met? Would it be best to focus on "real-life scenarios"? Or rather to cover as many aspects of a special class of vulnerabilities as possible?

Thanks in advance,
R. Palige


-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB --------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Environment for testing WebApp Security Scanners, René Palige <= RE: Environment for testing WebApp Security Scanners, Mark Curphey Re: Environment for testing WebApp Security Scanners, Roman H. RE: Environment for testing WebApp Security Scanners, Brokken, Allen P. Re: Environment for testing WebApp Security Scanners, Dean H. Saxe Re: Environment for testing WebApp Security Scanners, Gerald Quakenbush RE: Environment for testing WebApp Security Scanners, Mark Curphey Re: Environment for testing WebApp Security Scanners, mikeiscool Re: Environment for testing WebApp Security Scanners, Dean H. Saxe Re: Environment for testing WebApp Security Scanners, mikeiscool Re: Environment for testing WebApp Security Scanners, c0redump

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper], SPI Labs
Next by Date:	SF new column announcement: E-mail privacy in the workplace, Craig Wright
Previous by Thread:	Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper], SPI Labs
Next by Thread:	RE: Environment for testing WebApp Security Scanners, Mark Curphey
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper], SPI Labs

Next by Date:

SF new column announcement: E-mail privacy in the workplace, Craig Wright

Previous by Thread:

Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper], SPI Labs

Next by Thread:

RE: Environment for testing WebApp Security Scanners, Mark Curphey

Indexes:

[Date] [Thread] [Top] [All Lists]