
Evaluating Web Scanning Tools with OWASP Site Generator

Continuing this week's discussion of Open Web Application Security Project projects, I'll discuss the OWASP Site Generator tool.

The Site Generator is used to generate dynamic Web sites with known vulnerabilities using XML configuration files. The program can be used for a number of purposes, like training and creating honeypots, but I think it is especially useful to network administrators to help evaluate Web application security scanners. Rather than just relying on vendor-provided marketing material, you can use this tool to generate sites with known vulnerabilities and run scanners head to head to see which can produce the most accurate results.

Network administrators don't need to be proficient in XML; the project includes a GUI editor for configuring test sites.


Web Site Creator with a list of vulnerabilities that will be included in the site.

The Site Generator project was initiated by Foundstone, a division of McAfee, and is now run by OWASP.
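
The head-to-head comparison described above comes down to checking each scanner's report against the list of vulnerabilities the test site was configured to contain. The following Python sketch is an added example, not part of Site Generator or the original post; the paths, vulnerability class names and scanner names are constructed, and it assumes each scanner's findings have been exported as (path, class) pairs.

```python
# Added example: score scanner reports against the seeded vulnerabilities (all data constructed).

# Map each scanner's wording to one vocabulary so findings are comparable.
ALIASES = {
    "cross-site scripting": "xss",
    "sql injection": "sqli",
    "blind sql injection": "sqli",
    "directory traversal": "path-traversal",
}

def normalize(path, vuln_class):
    """Key a finding by (path without query string, canonical class name)."""
    path = path.split("?", 1)[0].rstrip("/").lower() or "/"
    name = vuln_class.strip().lower()
    return (path, ALIASES.get(name, name))

def score(seeded, findings):
    """Compare one scanner's findings with the seeded ground truth."""
    truth = {normalize(p, c) for p, c in seeded}
    reported = {normalize(p, c) for p, c in findings}  # duplicate reports collapse
    hits = truth & reported
    return {
        "true_pos": len(hits),
        "false_pos": sorted(reported - truth),
        "missed": sorted(truth - reported),
        "precision": len(hits) / len(reported) if reported else 0.0,
        "recall": len(hits) / len(truth) if truth else 0.0,
    }

def rank(seeded, reports):
    """Order scanners by recall, then precision (best first)."""
    scores = {name: score(seeded, f) for name, f in reports.items()}
    return sorted(scores, key=lambda n: (scores[n]["recall"], scores[n]["precision"]), reverse=True)

SEEDED = [  # constructed: what the test site was configured to contain
    ("/login", "sqli"),
    ("/search", "xss"),
    ("/download", "path-traversal"),
    ("/profile", "xss"),
]
REPORTS = {  # constructed: findings exported from two hypothetical scanners
    "scanner_a": [("/login?user=1", "SQL Injection"), ("/search", "Cross-Site Scripting"),
                  ("/search?q=x", "XSS"), ("/about", "SQL Injection")],
    "scanner_b": [("/login", "Blind SQL Injection"), ("/search", "XSS"),
                  ("/profile/", "Cross-Site Scripting"), ("/download", "Directory Traversal")],
}

if __name__ == "__main__":
    for name in rank(SEEDED, REPORTS):
        print(name, score(SEEDED, REPORTS[name]))
```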


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net