WebApp Sec mailing list archives
RE: Good benchmark application for web security testing tools?
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Tue, 4 Oct 2005 16:47:51 -0500
--comments inline--
-----Original Message-----
From: Steven Rebello [mailto:stevenr () mastek com]

How about Foundstone's HacmeBank (www.foundstone.com/resources/proddesc/hacmebank.htm)? Anyone tried this application for benchmarking?

Yes. This is not a very good application for benchmarking.

The only good applications for benchmarking currently are the applications you are going to run the scanner on. The scan tools can vary wildly on different apps.

I am scrambling to update my tools presentation for OWASP/NIST DC and I'll talk there more about why the above is true, and examine some differences and failings in the scanner contenders versus human eyeballs, even on the stuff that should be *automatable*.

God help you if my slides make any sense and you don't attend the presentation, but for amusement's sake they will be available so you can download them and give them a spin after the conf.

I actually have a fair bit of the info in HTML I will try to get on the portal for conference release. I would like to introduce something "tangible" at OWASP/DC like the brilliant OWASP Guide PDF, minus the brilliance & PDF.

Benchmarking,

-ae