WebApp Sec mailing list archives

RE: Good benchmark application for web security testing tools?

From: "Steven Rebello" <stevenr () mastek com>
Date: Tue, 4 Oct 2005 18:03:51 +0530


How about Foundstone's HacmeBank
(www.foundstone.com/resources/proddesc/hacmebank.htm) ? Anyone tried
this application for benchmarking ? 

I'll be getting on this benchmarking task myself soon. If you can wait a
week or two, mostly I'll send you the review myself :)

_____________________________________________
Steven Rebello
Technology Cell
Mastek Limited
"This email is printed using 100% recycled electrons"





-----Original Message-----
From: Peine,Holger [mailto:Holger.Peine () iese fraunhofer de] 
Sent: Tuesday, October 04, 2005 5:16 PM
To: webappsec () securityfocus com
Subject: Good benchmark application for web security testing tools?

The idea of reviewing the available (free or commercial) web application
security testing tools has been mentioned several times on this list.
However, what would a good benchmarking application for these tools be,
i.e. a "typical" web application with a number of known vulnerabilities?

Initially I was thinking of Webgoat, which at least has a nice variety
of vulnerabilities, but Webgoat's structure is not very representative
of your typical web application's structure and workflow (and apart from

that, Webgoat is somewhat small, too). So, what application would you
suggest?

Thanks for your opinion,
Holger Peine

--
Dr. Holger Peine, Security and Safety
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany Phone
+49-631-6800-2134, Fax -1299 (shared) www.iese.fraunhofer.de/Staff/peine
-- PGP key on request or via http://pgp.mit.edu
  






MASTEK 
"Making a valuable difference"
Mastek in NASSCOM's 'India Top 20' Software Service Exporters List.
In the US, we're called MAJESCO

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Opinions expressed in this e-mail are those of the individual and not that of Mastek Limited, unless specifically 
indicated to that effect. Mastek Limited does not accept any responsibility or liability for it. This e-mail and 
attachments (if any) transmitted with it are confidential and/or privileged and solely for the use of the intended 
person or entity to which it is addressed. Any review, re-transmission, dissemination or other use of or taking of any 
action in reliance upon this information by persons or entities other than the intended recipient is prohibited. This 
e-mail and its attachments have been scanned for the presence of computer viruses. It is the responsibility of the 
recipient to run the virus check on e-mails and attachments before opening them. If you have received this e-mail in 
error, kindly delete this e-mail from all computers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Current thread:

Good benchmark application for web security testing tools? Peine,Holger (Oct 04)
- Re: Good benchmark application for web security testing tools? Eoin Keary (Oct 04)
- RE: Good benchmark application for web security testing tools? Benjamin Livshits (Oct 04)
- <Possible follow-ups>
- RE: Good benchmark application for web security testing tools? Steven Rebello (Oct 04)
- RE: Good benchmark application for web security testing tools? Evans, Arian (Oct 04)
- RE: Good benchmark application for web security testing tools? Lodin, Steven (Oct 04)
- RE: Good benchmark application for web security testing tools? Ofer Shezaf (Oct 04)
- RE: Good benchmark application for web security testing tools? Mark Curphey (Oct 06)
- RE: Good benchmark application for web security testing tools? Evans, Arian (Oct 07)
- RE: Good benchmark application for web security testing tools? Mark Curphey (Oct 10)