Penetration Testing
WASC Announcement: Static Analysis Technologies Evaluation Criteria Published May 10 2013 06:25PM
announcements (at) webappsec (dot) org (1 reply)
RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published May 16 2013 04:30PM
Debasis Mohanty (dm mailinglists gmail com)
Good initiative! I feel one of the important elements that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other?

I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD was the best approach to have appropriate scoring for various
pilot parameters. However, I never released it to the public. The reason was,
I wanted to make it a part of one of my secure SDLC initiatives called
(OSFSS) - www.coffeeandsecurity.com which got delayed for several reasons.
Now since the cat is out, here is the SCA Pilot QFD:
http://www.coffeeandsecurity.com/resources/osfss/docs/SCA_QFDv0.1.pdf . The
document is not complete yet and needs to be updated. But the document does
cover various parameters based on which an effective pilot could be done.

-d

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of announcements (at) webappsec (dot) org
Sent: 10 May 2013 23:56
To: pen-test (at) securityfocus (dot) com
Subject: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published

The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a static
code analysis technology that is intended to be used during source-code
driven security programs. This document provides a comprehensive list of
criteria that should be considered during the evaluation process.

WASC Static Analysis Technologies Evaluation Criteria
http://projects.webappsec.org/Static%20Analysis%20Technologies%20Evaluation%20Criteria

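The reply above asks how a criteria list becomes a ranking: what lets you distinguish one product from another once every vendor ticks most boxes. The following is an added example (not code from the thread, from WASC/SATEC, or from the linked QFD document) of the QFD-style scoring it alludes to: programme needs carry an importance weight, each measurable pilot parameter is related to those needs on the usual 9/3/1 scale, and the parameter weights that fall out are applied to the ratings each tool earned in the pilot. The needs, parameters, relationship strengths, tool names and ratings are all constructed for illustration.

```python
"""QFD-style weighted scoring for a static analysis (SCA) tool pilot.

Added example. Every criterion, weight, relationship strength and
rating below is constructed; substitute the outcome of your own pilot.
"""

# "Whats": what the application-security programme needs from the tool,
# each with an importance weight on a 1..5 scale (constructed values).
NEEDS = {
    "find real vulns in our stack": 5,
    "low triage cost": 4,
    "fits the build pipeline": 3,
    "auditable findings": 2,
}

# "Hows": the measurable pilot parameters (constructed names).
PARAMS = [
    "language coverage",
    "true-positive rate",
    "false-positive rate",
    "CI/CLI integration",
    "rule customisation",
    "report traceability",
]

# QFD relationship matrix: how strongly each parameter contributes to
# each need, on the conventional 9 (strong) / 3 (medium) / 1 (weak) scale.
# Parameters not listed under a need contribute 0. Constructed values.
RELATIONS = {
    "find real vulns in our stack": {
        "language coverage": 9, "true-positive rate": 9, "rule customisation": 3},
    "low triage cost": {
        "false-positive rate": 9, "report traceability": 3, "rule customisation": 3},
    "fits the build pipeline": {
        "CI/CLI integration": 9, "language coverage": 1},
    "auditable findings": {
        "report traceability": 9, "true-positive rate": 1},
}

# Pilot ratings per tool and parameter, 1 (poor) .. 5 (excellent).
# Constructed: Tool A is broad and well integrated but noisy, Tool B is
# precise but narrower, Tool C reports well but finds less.
RATINGS = {
    "Tool A": {"language coverage": 5, "true-positive rate": 4, "false-positive rate": 2,
               "CI/CLI integration": 5, "rule customisation": 3, "report traceability": 4},
    "Tool B": {"language coverage": 3, "true-positive rate": 5, "false-positive rate": 5,
               "CI/CLI integration": 3, "rule customisation": 4, "report traceability": 3},
    "Tool C": {"language coverage": 4, "true-positive rate": 3, "false-positive rate": 3,
               "CI/CLI integration": 4, "rule customisation": 2, "report traceability": 5},
}


def parameter_weights(needs, relations, params):
    """Weight of each pilot parameter = sum over needs of
    importance(need) * relationship(need, parameter), normalised to sum to 1.
    This is the 'technical importance' row of a QFD house of quality."""
    raw = {p: 0 for p in params}
    for need, importance in needs.items():
        for param, strength in relations.get(need, {}).items():
            if param not in raw:
                raise KeyError(f"relationship refers to unknown parameter {param!r}")
            raw[param] += importance * strength
    total = sum(raw.values())
    return {p: raw[p] / total for p in params}


def score_products(ratings, weights):
    """Weighted pilot score per product (same 1..5 scale as the ratings).
    A product with no rating for some weighted parameter is rejected rather
    than silently scored as if that parameter did not matter."""
    scores = {}
    for product, rating in ratings.items():
        missing = set(weights) - set(rating)
        if missing:
            raise ValueError(f"{product}: no pilot rating for {sorted(missing)}")
        scores[product] = sum(weights[p] * rating[p] for p in weights)
    return scores


def rank(scores):
    """Products ordered best first."""
    return sorted(scores, key=scores.get, reverse=True)


def run_pilot(needs=NEEDS, relations=RELATIONS, params=PARAMS, ratings=RATINGS):
    weights = parameter_weights(needs, relations, params)
    scores = score_products(ratings, weights)
    return weights, scores, rank(scores)


if __name__ == "__main__":
    weights, scores, order = run_pilot()
    for p in PARAMS:
        print(f"{p:22s} weight {weights[p]:.3f}")
    for product in order:
        print(f"{product}: {scores[product]:.2f}")
```

With the constructed numbers, Tool A and Tool B end up within 0.01 of each other (3.89 versus 3.90) even though they earn their points on entirely different parameters; that is the kind of result a scoring mechanism is for, because it makes the decision hinge on the importance weights, which are the part of the evaluation the programme owner should be arguing about.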

Copyright 2010, SecurityFocus