|
WebApp Sec
mailing list archives
Re: Good benchmark application for web security testing tools?
From: Eoin Keary <eoinkeary () gmail com>
Date: Tue, 4 Oct 2005 14:39:28 +0000
hackmebank Or hackmebooks from foundstone?
On 04/10/05, Peine,Holger <Holger.Peine () iese fraunhofer de> wrote:
The idea of reviewing the available (free or commercial) web application
security testing tools has been mentioned several times on this list.
However, what would a good benchmarking application for these tools be,
i.e. a "typical" web application with a number of known vulnerabilities?
Initially I was thinking of Webgoat, which at least has a nice variety
of vulnerabilities, but Webgoat's structure is not very representative
of your typical web application's structure and workflow (and apart from
that, Webgoat is somewhat small, too). So, what application would you
suggest?
Thanks for your opinion,
Holger Peine
--
Dr. Holger Peine, Security and Safety
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany
Phone +49-631-6800-2134, Fax -1299 (shared)
www.iese.fraunhofer.de/Staff/peine -- PGP key on request or via
http://pgp.mit.edu
 By Date 
By Thread
Current thread:
|
Intro
