WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Re: Re: Web Application Security Contest - New Procedure

From: sthalkidis () yahoo com
Date: 24 Jan 2006 08:44:36 -0000
Could someone from the mailing list who has
AppScan run it for the three applications
of the contest and send me the results?
Or could the people from Watchfire send me
a license key for a few days so that I can
run AppScan myself?
The contest is still interesting since 
different approaches for finding security
flaws may be used. For example, a different
approach is followed by Livshits and Lam
from the University of Stanford. They have
developed tools that perform static analysis
for finding code vulnerabilities 
(See for example the 14th USENIX Security
Symposium paper entitled: Finding Security
Vulnerabilities in Java Applications with
Static Analysis).
Furthermore, in order to win the contest
probably someone has to find more attacks than the tools can provide (for example attacks 
related to web services, race conditions).

Spyros Halkidis 

-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: