WebApp Sec mailing list archives

RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners

From: "Joseph Peloquin" <jpelo1 () jcpenney com>
Date: Thu, 24 Aug 2006 07:52:42 -0500


|-----Original Message-----
|From: Jeff Robertson [mailto:jeff.robertson () digitalinsight com]
|Sent: Thursday, August 24, 2006 7:09 AM
|To: enis.karaarslan () ege edu tr; Evans, Arian; rwp () gmx de
|Cc: websecurity () webappsec org; webappsec () securityfocus com
|Subject: RE: [WEB SECURITY] RE: Environment for testing WebApp
|Security Scanners
|
|
|"Real-life" programs meaning applications intended for actual
|use, not just for security benchmarking? Wouldn't you want to
|fix the vulns you find in those, thereby ruining their value
|as benchmarks?

More like, "real life", meaning they are written *like* programs
intended for actual use, but are used for security benchmarking instead.
As in, nobody would ever deploy a "real" webapp that looked like webgoat
(which is a poor benchmarking tool as well).

I haven't looked at the apps yet, but surely a disclaimer says something
to the effect of, "you're a complete moron if you deploy these apps for
use in a production environment."

-jp

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  If the reader of this message is not the intended recipient,
you are hereby notified that your access is unauthorized, and any review,
dissemination, distribution or copying of this message including any
attachments is strictly prohibited.   If you are not the intended
recipient, please contact the sender and delete the material from any
computer.

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web
application security assessment tools by both Gartner and IDC.
Download a free trial of AppScan today and see why more customers choose
AppScan then any other solution. Try it today!

https://www.watchfire.com/securearea/appscancamp.aspx?idp1500000008VnB
--------------------------------------------------------------------------

Current thread:

RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners Joseph Peloquin (Aug 24)
- <Possible follow-ups>
- RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners Joseph Peloquin (Aug 24)