WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Environment for testing WebApp Security Scanners

From: René Palige <rwp () gmx de>
Date: Mon, 07 Aug 2006 22:33:02 +0200
Hi!
I?m currently working on my bachelor thesis which is about the development of a testsuite for different Web Application Security Scanners. My goal is to provide an environment which can be used as a basis for testing and evaluating the performance of the many tools already existing. Consequently the main part of my work will be to implement different types of vulnerabilites in more or less realistic scenarios and with different characteristics. At the moment I?m planning to use OWASPs WebGoat as some kind of groundwork. 
My questions:
Which "features" would you consider to be necessary or useful in this context? And what basic requirements do you see which should be met? Would it be best to focus on "real-life scenarios"? Or rather to cover as many aspects of a special class of vulnerabilities as possible? 

Thanks in advance,
R. Palige




-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB 
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: