Monday, August 13, 2007

WASC Announcement: 'WASSEC Project' Call for Participants

WASC has announced a new project WASSEC (Web Application Security Scanner Evaluation Criteria). Currently WASC is seeking volunteers from various sections of the community including penetration testers, scanner vendors, security researchers and also end users to contribute to the project.

A brief description of the project

The Web Application Security Evaluation Criteria is a set of guidelines to evaluate web application security scanners on their identification of web application vulnerabilities and its completeness. It will cover things like crawling, parsing, session handling, types of vulnerabilities and information about those vulnerabilities. The goal of this project is to evaluate the technical aspects of the web application security scanners and NOT the features provided by it.

The project page can be found at

If you would like to be involved with the project, please contact Anurag Agarwal (


preilly said...

I look forward to participating in this project.

Positive Thinker said...

I’ve been tasked with accomplishing an evaluation of our existing web application vulnerability assessment tool, White Hat Sentinel, vs. several other vendor options. In reviewing the WASC page, , I noticed the last update was on August 2007. Is this a project you (or someone you know) is actively working on? If so, is there a draft of the criteria available for review? If not, I’d very much like to participate. Thanks.