Adam,

On Thu, Oct 8, 2009 at 4:10 PM, Adam Baldwin
<adam_bald...@ngenuity-is.com> wrote:
> Not sure how w3af fits in, but would be good to see how we come up
> against this criteria.
>
> http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria

    A while ago I read the draft for this document, and w3af was quite
fine in most of the areas. Whenever I have some time, I'll read the
new version. I do have one criticism about this, though: the
document is just an enumeration of things the scanners should have.
Having a feature doesn't mean that you are implementing it right.
An example which I think is not in the document: "XSS detection". Most
scanners have XSS detection, but some scanners will find 10 vulns in
a website, while others will find 4 and 34 false positives.

Cheers,

> --
> Adam Baldwin, CISSP, GCIA, C|EH
> Co-Founder
> nGenuity Information Services
> www.ngenuity-is.com
>
>
>
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
