WebApp Sec mailing list archives
Re: Re: Re: Re: Web Application Security Contest - New Procedure
From: sthalkidis () yahoo com
Date: 24 Jan 2006 08:44:36 -0000
Could someone from the mailing list who has AppScan run it for the three applications of the contest and send me the results? Or could the people from Watchfire send me a license key for a few days so that I can run AppScan myself?

The contest is still interesting since different approaches for finding security flaws may be used. For example, a different approach is followed by Livshits and Lam from the University of Stanford. They have developed tools that perform static analysis for finding code vulnerabilities (see, for example, the 14th USENIX Security Symposium paper entitled "Finding Security Vulnerabilities in Java Applications with Static Analysis").

Furthermore, in order to win the contest, someone probably has to find more attacks than the tools can provide (for example, attacks related to web services, race conditions).

Spyros Halkidis