WebApp Sec mailing list archives
RE: Web App Vulnerabilities Statistical Analysis WP
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 28 Jun 2004 20:25:32 -0500
On Mon, 2004-06-28 at 11:57, Imperva Application Defense Center wrote:
> > Bottom line, thanks for the nice graphs, and kudos for publishing yet another useless paper... I am giving Imperva the "Spammer of the year award".
>
> I find that this type of response unrespectful.

Perhaps it would be better if it were titled "Imperva WebAppSec Scorecard" or "Status Report" or something like that. Whitepapers used to deal with technical issues. Nowadays they seem to carry more marketing than technical detail. Frankly, I didn't get any useful info out of it either, except noting the volume of work you guys have done.

It does sadden me to see that some scores in the retest still show significant issues. I would have hoped that, after you guys worked with the client, his security posture improved a bit more. Perhaps I was reading it wrong or confused by the graphs and charts.

I'm curious, though, if you guys look at source code at all. From the categories, it all appears to be focused on remote testing, and you mentioned Penetration Testing a few times. Shouldn't categories like weak database handling or logic errors (or anything else that hints on weak programming practices) be included in the report as well? Do you do source code review during your engagements?

(Since you are reporting on the issues you guys found during your tests, perhaps you should elaborate more on your testing process and methodology. Understand that I'm not slamming you here, but what you listed under "Methodology" doesn't describe the one you used for the test. You need to describe your testing process a bit more scientifically.)

Regards,
Frank