[WEB SECURITY] Request for information (Web application security testing)

Léon Pauv pauv.leon at gmail.com
Tue Feb 23 05:45:05 EST 2010

Hi everyone,

My name is Léon PAUV and I am currently preparing for a Master's degree in IT
in France. As part of my degree course, I am writing a research paper
entitled “Testing the Web application security”, in which I need to analyze
today’s context of Web application security testing and its future

In order to gather supplementary information related to my subject, I looked
for security experts on the Internet and have been advised to post a message
on the WASC mailing list (sorry to the people who belong to this list and
whom I may already have contacted by e-mail).

It would be really helpful if some of you could answer the questionnaire (or
at least some of its questions) below.

Thank you all in advance for your time and consideration,

Best regards,



 Analysis of the existent

1.    Who are the main actors in the field of Web application security and
especially in the testing part? Do you have any information regarding their
market share?

2.    Which testing methods/solutions (black-box, white-box, automated
scanner, etc.) are the most often used? Why?

3.    In your opinion, what are the most important criteria when choosing a

4.    What is the average cost of a security testing solution?

5.    What is the average budget invested by companies for the security of
their Web applications and more particularly for the testing part? What do
you think about it?

 Future of Web application security testing

1.    What are the limits of current testing methods/tools?

2.    What needs to be improved?

3.    What are the possible solutions?

4.    According to you, what is the best one and why?

5.    Can it be easily implemented? What are its limits?

Do you have anything to add that might be helpful?