We put together a suite of Web application security benchmarks called
Stanford SecuriBench:
http://suif.stanford.edu/~livshits/securibench/
You will probably find this to be a useful starting point for your purposes.
-Ben
> -----Original Message-----
> From: Peine,Holger [mailto:Holger.Peine_at_iese.fraunhofer.de]
> Sent: Tuesday, October 04, 2005 4:46 AM
> To: webappsec_at_securityfocus.com
> Subject: Good benchmark application for web security testing tools?
>
> The idea of reviewing the available (free or commercial) web
> application security testing tools has been mentioned several
> times on this list.
> However, what would a good benchmarking application for these
> tools be, i.e. a "typical" web application with a number of
> known vulnerabilities?
>
> Initially I was thinking of Webgoat, which at least has a
> nice variety of vulnerabilities, but Webgoat's structure is
> not very representative of your typical web application's
> structure and workflow (and apart from that, Webgoat is
> somewhat small, too). So, what application would you suggest?
>
> Thanks for your opinion,
> Holger Peine
>
> --
> Dr. Holger Peine, Security and Safety
> Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany
> Phone +49-631-6800-2134, Fax -1299 (shared)
> www.iese.fraunhofer.de/Staff/peine -- PGP key on request or via
> http://pgp.mit.edu
Received on Oct 04 2005