WebApp Sec mailing list archives
RE: Good benchmark application for web security testing tools?
From: "Benjamin Livshits" <livshits () cs stanford edu>
Date: Tue, 4 Oct 2005 11:02:51 -0700
We put together a suite of Web application security benchmarks called Stanford SecuriBench: http://suif.stanford.edu/~livshits/securibench/ You will probably find this to be a useful starting point for your purposes. -Ben
-----Original Message----- From: Peine,Holger [mailto:Holger.Peine () iese fraunhofer de] Sent: Tuesday, October 04, 2005 4:46 AM To: webappsec () securityfocus com Subject: Good benchmark application for web security testing tools? The idea of reviewing the available (free or commercial) web application security testing tools has been mentioned several times on this list. However, what would a good benchmarking application for these tools be, i.e. a "typical" web application with a number of known vulnerabilities? Initially I was thinking of Webgoat, which at least has a nice variety of vulnerabilities, but Webgoat's structure is not very representative of your typical web application's structure and workflow (and apart from that, Webgoat is somewhat small, too). So, what application would you suggest? Thanks for your opinion, Holger Peine -- Dr. Holger Peine, Security and Safety Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany Phone +49-631-6800-2134, Fax -1299 (shared) www.iese.fraunhofer.de/Staff/peine -- PGP key on request or via http://pgp.mit.edu
Current thread:
- Good benchmark application for web security testing tools? Peine,Holger (Oct 04)
- Re: Good benchmark application for web security testing tools? Eoin Keary (Oct 04)
- RE: Good benchmark application for web security testing tools? Benjamin Livshits (Oct 04)
- <Possible follow-ups>
- RE: Good benchmark application for web security testing tools? Steven Rebello (Oct 04)
- RE: Good benchmark application for web security testing tools? Evans, Arian (Oct 04)
- RE: Good benchmark application for web security testing tools? Lodin, Steven (Oct 04)
- RE: Good benchmark application for web security testing tools? Ofer Shezaf (Oct 04)
- RE: Good benchmark application for web security testing tools? Mark Curphey (Oct 06)
- RE: Good benchmark application for web security testing tools? Evans, Arian (Oct 07)
- RE: Good benchmark application for web security testing tools? Mark Curphey (Oct 10)