Web Application Security Scanners are automated tools to test web applications for common security problems such as cross-site scripting, SQL injection, directory traversal, insecure configurations, and remote command execution vulnerabilities. These tools crawl a web application and locate application layer vulnerabilities and weaknesses, either by manipulating HTTP messages or by inspecting them for suspicious attributes.
A large number of web application scanning tools are available, both commercial and open source. Using them effectively is an important part of a thorough web application security assessment, and regular scanning is also one way to satisfy compliance obligations such as PCI DSS Requirement 6.6, which asks for either periodic application-layer vulnerability assessment of public-facing web applications (manual or with automated tools) or a web application firewall in front of them.
The Web Application Security Scanner Evaluation Criteria (WASSEC) is a set of guidelines to evaluate web application scanners on their ability to effectively test web applications and identify vulnerabilities. It covers areas such as crawling, parsing, session handling, testing, and reporting.
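To make concrete what the two paragraphs above describe, here is an added example (not code from the WASSEC project or from any real scanner) of the core loop of a web application scanner: crawl the application, parse links and forms out of each page, then run active checks that manipulate requests (injecting an XSS canary and a SQL-error probe into every discovered parameter) and passive checks that only inspect responses (a session cookie set without HttpOnly). The target is a constructed in-memory application, `target_app`, that stands in for a real HTTP server so the example runs offline; the `fetch` helper, the canary string and the error-pattern list are likewise assumptions chosen for illustration, not anything the criteria document specifies.

```python
"""Minimal web application scanner: crawl, parse, active and passive checks.

Added illustration only; the target application below is constructed so the
scanner can run offline, and is not part of WASSEC or any real scanner."""
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse

# ---- constructed target (assumption): an in-memory app standing in for a server.
# It deliberately has a reflected-XSS sink (/search), a SQL error leak (/item),
# a cookie set without HttpOnly (/), and one properly escaped page (/login).
def target_app(path, params):
    """Return (status, headers, body) like an HTTP server would."""
    if path == "/":
        body = ('<a href="/search?q=test">search</a> <a href="/item?id=1">item</a>'
                '<form action="/login" method="post">'
                '<input name="user"><input name="pw"></form>')
        return 200, {"Set-Cookie": "sid=abc123; Path=/"}, body
    if path == "/search":
        q = params.get("q", [""])[0]
        return 200, {}, f"<p>Results for {q}</p>"        # unescaped reflection
    if path == "/item":
        i = params.get("id", [""])[0]
        if not i.isdigit():                               # leaks a DB error message
            return 500, {}, "You have an error in your SQL syntax near '" + escape(i) + "'"
        return 200, {}, f"<p>item {i}</p>"
    if path == "/login":
        return 200, {}, "<p>welcome " + escape(params.get("user", [""])[0]) + "</p>"
    return 404, {}, "not found"

def fetch(url, params=None):
    """Stand-in for an HTTP client: merge query string and extra params, call the app."""
    u = urlparse(url)
    merged = parse_qs(u.query)
    merged.update({k: [v] for k, v in (params or {}).items()})
    return target_app(u.path, merged)

class LinkFormParser(HTMLParser):
    """Collect <a href> targets and <form> actions with their input names."""
    def __init__(self):
        super().__init__()
        self.links, self.forms, self._form = [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self._form = {"action": a.get("action", ""), "inputs": []}
        elif tag == "input" and self._form is not None and a.get("name"):
            self._form["inputs"].append(a["name"])
    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None

def crawl(start, limit=50):
    """Breadth-first crawl; returns {url: (status, headers, body, [(action, inputs)])}."""
    seen, queue, pages = set(), [start], {}
    while queue and len(pages) < limit:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        status, headers, body = fetch(url)
        p = LinkFormParser()
        p.feed(body)
        pages[url] = (status, headers, body,
                      [(urljoin(url, f["action"]), f["inputs"]) for f in p.forms])
        queue.extend(urljoin(url, link) for link in p.links)
    return pages

# Active checks: manipulate the request and look for the effect in the response.
XSS_CANARY = "zq<'\"x9"   # assumption: rare string; reflected verbatim means unescaped
SQL_ERR = re.compile(r"SQL syntax|ORA-\d{5}|syntax error at or near|unclosed quotation", re.I)

def active_checks(pages):
    """Inject into every query parameter and form field found by the crawler."""
    points = set()
    for url, (_, _, _, forms) in pages.items():
        u = urlparse(url)
        base = f"{u.scheme}://{u.netloc}{u.path}"
        points.update((base, name) for name in parse_qs(u.query))
        for action, inputs in forms:
            points.update((action, name) for name in inputs)
    findings = []
    for url, name in sorted(points):
        _, _, body = fetch(url, {name: XSS_CANARY})
        if XSS_CANARY in body:
            findings.append(("reflected-xss", url, name))
        _, _, body = fetch(url, {name: "1'"})
        if SQL_ERR.search(body):
            findings.append(("sql-error", url, name))
    return findings

# Passive check: inspect responses only, no manipulation.
def passive_checks(pages):
    """Flag Set-Cookie headers that lack the HttpOnly attribute."""
    findings = []
    for url, (_, headers, _, _) in pages.items():
        sc = headers.get("Set-Cookie", "")
        if sc and "httponly" not in sc.lower():
            findings.append(("cookie-no-httponly", url, sc.split("=", 1)[0]))
    return findings

def scan(start):
    pages = crawl(start)
    return active_checks(pages) + passive_checks(pages)

if __name__ == "__main__":
    for finding in scan("http://example.test/"):
        print(*finding)
```

Each WASSEC area maps onto a piece of this loop: crawling and parsing are `crawl` and `LinkFormParser`, testing is the active and passive checks, and reporting is the list of findings. Session handling is the piece a real scanner must add on top of this: the crawler would have to carry the `sid` cookie on every request and re-authenticate when the server invalidates it, otherwise post-login pages are never reached and their parameters are never tested. Note also that the `/login` page comes back clean because it escapes what it reflects, which is why a canary must be matched verbatim rather than by its presence in any encoded form.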
Wednesday, October 14, 2009
Web Application Security Scanner Evaluation Criteria 1.0 released