WebApp Sec mailing list archives
RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners
From: "Joseph Peloquin" <jpelo1 () jcpenney com>
Date: Thu, 24 Aug 2006 16:46:48 +0200
|-----Original Message-----
|From: Jeff Robertson [mailto:jeff.robertson () digitalinsight com]
|Sent: Thursday, August 24, 2006 7:09 AM
|To: enis.karaarslan () ege edu tr; Evans, Arian; rwp () gmx de
|Cc: websecurity () webappsec org; webappsec () securityfocus com
|Subject: RE: [WEB SECURITY] RE: Environment for testing WebApp
|Security Scanners
|
|
|"Real-life" programs meaning applications intended for actual
|use, not just for security benchmarking? Wouldn't you want to
|fix the vulns you find in those, thereby ruining their value
|as benchmarks?

More like, "real life", meaning they are written *like* programs intended for actual use, but are used for security benchmarking instead. As in, nobody would ever deploy a "real" webapp that looked like webgoat (which is a poor benchmarking tool as well).

I haven't looked at the apps yet, but surely a disclaimer says something to the effect of, "you're a complete moron if you deploy these apps for use in a production environment."

-jp