[WEB SECURITY] Request for information (Web application security testing)

Michael Robinson just.reboot.it at gmail.com
Tue Feb 23 16:02:24 EST 2010


The lack of ability to share webcrawl results across toolsets could
certainly be improved. This typically results in each tool of choice needing
to perform its own initial webcrawl, rather than just being able to import
from an external source.

Michael


On Tue, Feb 23, 2010 at 9:45 PM, Léon Pauv <pauv.leon at gmail.com> wrote:

> Hi everyone,
>
> My name is Léon PAUV and I am currently preparing for a Master's degree in IT
> in France. As part of my degree course, I am writing a research paper
> entitled “Testing the Web application security”, in which I need to analyze
> today’s context of Web application security testing and its future
> evolution.
>
> In order to gather supplementary information related to my subject, I
> looked for security experts on the Internet and have been advised to post a
> message on the WASC mailing list (sorry for the people that belong to this
> list and that I may already have contacted by e-mail).
>
> It would be really helpful if some of you could answer the questionnaire
> (or at least some of its questions) below.
>
> Thank you all in advance for your time and consideration,
>
> Best regards,
>
>
> Léon PAUV
>
>
> ----------------------------------------------------------------------------------
>
> Questionnaire
>  Analysis of the existent
>
> 1.    Who are the main actors in the field of Web application security and
> especially in the testing part? Do you have any information regarding their
> market share?
>
>
> 2.    Which testing methods/solutions (black-box, white-box, automated
> scanner, etc.) are the most often used? Why?
>
>
> 3.    In your opinion, what are the most important criteria when choosing
> a solution?
>
>
> 4.    What is the average cost of a security testing solution?
>
>
> 5.    What is the average budget invested by companies for the security of
> their Web applications and more particularly for the testing part? What do
> you think about it?
>
>  Future of Web application security testing
>
> 1.    What are the limits of current testing methods/tools?
>
>
> 2.    What needs to be improved?
>
>
> 3.    What are the possible solutions?
>
>
> 4.    According to you, what is the best one and why?
>
>
> 5.    Can it be easily implemented? What are its limits?
>
>
>
> Do you have anything to add that might be helpful?
>
>