WebApp Sec: RE: Good benchmark application for web security testing tools?

From: Steven Rebello <stevenr_at_mastek.com>
Date: Tue, 4 Oct 2005 18:03:51 +0530

How about Foundstone's HacmeBank (www.foundstone.com/resources/proddesc/hacmebank.htm)? Anyone tried this application for benchmarking?

I'll be getting on this benchmarking task myself soon. If you can wait a week or two, mostly I'll send you the review myself :)

_____________________________________________
Steven Rebello
Technology Cell
Mastek Limited
"This email is printed using 100% recycled electrons"

-----Original Message-----
From: Peine,Holger [mailto:Holger.Peine@iese.fraunhofer.de]
Sent: Tuesday, October 04, 2005 5:16 PM
To: webappsec@securityfocus.com
Subject: Good benchmark application for web security testing tools?

The idea of reviewing the available (free or commercial) web application security testing tools has been mentioned several times on this list. However, what would a good benchmarking application for these tools be, i.e. a "typical" web application with a number of known vulnerabilities?

Initially I was thinking of Webgoat, which at least has a nice variety of vulnerabilities, but Webgoat's structure is not very representative of your typical web application's structure and workflow (and apart from that, Webgoat is somewhat small, too).

So, what application would you suggest?

Thanks for your opinion,
Holger Peine

--
Dr. Holger Peine, Security and Safety
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany
Phone +49-631-6800-2134, Fax -1299 (shared)
www.iese.fraunhofer.de/Staff/peine
-- PGP key on request or via http://pgp.mit.edu
Received on Oct 04 2005