The web application security scanner evaluation criteria (wassec) is a detailed guide to the many features commonly available in web application scanners. the document is intended to help enterprises and it professionals decide which features are common to web application scanners, and which are important for the job at hand.. The web application security consortium's "web application security scanner evaluation criteria (wassec)" project fills this gap by providing a set of detailed evaluation criteria and a framework for conducting a formal scanner evaluation.. Evaluation of web application vulnerability scanners in modern pentest/ssdlc usage scenarios. by shay chen. information security analyst, researcher, and speaker 2.1 list of tested web application scanners 2.2 the evaluation criteria 2.3 the false positive aspect in penetration-tests / ssdlc 2.4 new technologies overview - out of.
The web application security evaluation criteria is a set of guidelines to evaluate web application security scanners on their identification of web application vulnerabilities and its completeness.. The web application security scanner evaluation criteria project list. to see the collection of prior postings to the list, visit the wasc-wassec archives.. using wasc-wassec. The following list of products and tools provide web application security scanner functionality. note that the tools on this list are not being endorsed by the web application security consortium - any tool that provides web application security scanning functionality will be listed here..
