Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Good benchmark application for web security testing tools?

Good benchmark application for web security testing tools?

From: Peine,Holger <Holger.Peine_at_iese.fraunhofer.de>
Date: Tue, 4 Oct 2005 13:45:36 +0200

The idea of reviewing the available (free or commercial) web application
security testing tools has been mentioned several times on this list.
However, what would a good benchmarking application for these tools be,
i.e. a "typical" web application with a number of known vulnerabilities?

Initially I was thinking of Webgoat, which at least has a nice variety
of vulnerabilities, but Webgoat's structure is not very representative
of your typical web application's structure and workflow (and apart from

that, Webgoat is somewhat small, too). So, what application would you
suggest?

Thanks for your opinion,
Holger Peine 

-- 
Dr. Holger Peine, Security and Safety
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany
Phone +49-631-6800-2134, Fax -1299 (shared)
www.iese.fraunhofer.de/Staff/peine -- PGP key on request or via
http://pgp.mit.edu
Received on Oct 04 2005
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]