WebApp Sec mailing list archives
RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners
From: "Joseph Peloquin" <jpelo1 () jcpenney com>
Date: Thu, 24 Aug 2006 07:52:42 -0500
|-----Original Message----- |From: Jeff Robertson [mailto:jeff.robertson () digitalinsight com] |Sent: Thursday, August 24, 2006 7:09 AM |To: enis.karaarslan () ege edu tr; Evans, Arian; rwp () gmx de |Cc: websecurity () webappsec org; webappsec () securityfocus com |Subject: RE: [WEB SECURITY] RE: Environment for testing WebApp |Security Scanners | | |"Real-life" programs meaning applications intended for actual |use, not just for security benchmarking? Wouldn't you want to |fix the vulns you find in those, thereby ruining their value |as benchmarks? More like, "real life", meaning they are written *like* programs intended for actual use, but are used for security benchmarking instead. As in, nobody would ever deploy a "real" webapp that looked like webgoat (which is a poor benchmarking tool as well). I haven't looked at the apps yet, but surely a disclaimer says something to the effect of, "you're a complete moron if you deploy these apps for use in a production environment." -jp
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer.
------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?idp1500000008VnB --------------------------------------------------------------------------
Current thread:
- RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners Joseph Peloquin (Aug 24)
- <Possible follow-ups>
- RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners Joseph Peloquin (Aug 24)