[WEB SECURITY] Webappsec Vendor Directory

Arian J. Evans arian.evans at anachronic.com
Wed Apr 9 15:32:01 EDT 2008

You are such a darn smart chap, Andrew. Always ahead of me.

I was just about to send an email to this list this morning
asking someone to do this very thing. I refrained because

We should make it clear it's not a "PCI or *advertising
approved* vendor list, but I think this is a good idea.

I'd really love a voting or recommendation system. There's
ways to ensure non-gaming systems (count anonymous
as 1/10th point; require registration and disclosure of
employer or affiliations; enough info to verify identity, etc.).

There's plenty of new folks looking for reasonable services
that simply have no idea where to begin.

Like the OWASP Tools list I started years ago, a vendor
directory, especially if we could *categorize* services
offered, would be GREAT.


Arian Evans, software security stuff

reformed hacker turned animal rights activist to meet vapid chicks concerned
with those tasty animals

On Wed, Apr 9, 2008 at 11:15 AM, Andrew van der Stock <vanderaj at greebo.net>

> Hi there,
> ** Full disclosure: I work for Aspect Security. This is why I have
> refrained publicly posting as it is a conflict of interest. I am
> walking a very fine line here. With this post, I aim to represent you,
> the webappsec reader in this matter, not my employer nor myself. **
> The thread on web app sec companies highlights several issues: it can
> be tricky to find them - so a directory is needed, but some folks have
> mixed experiences with some companies whilst others love their
> favorite vendor, and some folks will post on behalf of their employer
> without disclosing that. The responses so far show all of these
> attributes. This list is not an advertising service, so I will make it
> as vendor neutral as possible.
> I will be rejecting any further posts to this thread beyond the ones I
> had in my queue. The only exception to the approval to that thread is
> for company representatives who feel they need a right of reply to a
> post that takes a shot at them.
> Instead, to make it fair to all webappsec vendors whilst helping out our
> readers, I will:
> * Collect all the responses with company names and publish them here
> in one single list Friday next week. If you're in this business,
> please mail me privately (see my address in the headers) and I will
> add your details to the list. You have until Thursday 17th of April to
> do this.
> * Ask Security Focus if we can make that into a FAQ entry on our
> mailing list page. Most likely that will not happen as a) the list is
> supported by one of the companies mentioned, and Security Focus itself
> is owned by Symantec, who through their @stake arm do this sort of work.
> * Ask OWASP and WASC to re-publish the same list as a business
> directory on their respective web sites, but most likely that will not
> happen as OWASP is about vendor neutrality, and WASC is made up of
> many of the vendors mentioned so far.
> * If neither FAQ entry comes to pass, I'll make a post on my blog. But
> that's an absolute last resort as my blog is in the outer arm of the
> blogosphere, and the information will become stale.
> thanks,
> Andrew, your friendly moderator