Re: Top webappsec testing vendors?

Re: Top webappsec testing vendors?

by WebAppSec Mailbox

Clint:

Seems you're employed by the vendor you just recommended.

Not the most up-and-up way to respond to the thread.

http://www.linkedin.com/ppl/webprofile?action=vmi&id=2967034

I have a lot of respect for the folks at Neohapsis and IOActive.

Not employed by either. ;p



-- shawn

-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------


Re: Top webappsec testing vendors?

by Jamie Riden

On 08/04/2008, WebAppSec Mailbox <webappsec@...> wrote:
> Clint:
>
>  Seems you're employed by the vendor you just recommended.
>
>  Not the most up-and-up way to respond to the thread.
>
> http://www.linkedin.com/ppl/webprofile?action=vmi&id=2967034

That link doesn't work for me - but this one does:
http://www.linkedin.com/in/cgarrison
"Current
* Adjunct Faculty at University of Phoenix
* Information Security Consultant at Trustwave"

I really would rather people disclosed if they worked, or had
previously worked for particular vendors when talking about them. (For
a more selfish reason to disclose, consider that this exchange is now
archived on the Internet for ever.)

--
Jamie Riden / jamesr@... / jamie@...
UK Honeynet Project: http://www.ukhoneynet.org/



Administrivia: Webappsec Vendor Directory

by Andrew van der Stock

Hi there,

** Full disclosure: I work for Aspect Security. This is why I have
refrained from publicly posting as it is a conflict of interest. I am
walking a very fine line here. With this post, I aim to represent you,
the webappsec reader in this matter, not my employer nor myself. **

The thread on web app sec companies highlights several issues: it can
be tricky to find them - so a directory is needed, but some folks have
mixed experiences with some companies whilst others love their
favorite vendor, and some folks will post on behalf of their employer
without disclosing that. The responses so far show all of these
attributes. This list is not an advertising service, so I will make it
as vendor neutral as possible.

I will be rejecting any further posts to this thread beyond the ones I
had in my queue. The only exception to the approval to that thread is
for company representatives who feel they need a right of reply to a
post that takes a shot at them.

Instead, to make it fair to all webappsec vendors whilst helping out our
readers, I will:

* Collect all the responses with company names and publish them here
in one single list Friday next week. If you're in this business,
please mail me privately (see my address in the headers) and I will
add your details to the list. You have until Thursday 17th of April to
do this.

* Ask Security Focus if we can make that into a FAQ entry on our
mailing list page. Most likely that will not happen as a) the list is
supported by one of the companies mentioned, and Security Focus itself
is owned by Symantec, who through their @stake arm do this sort of work.

* Ask OWASP and WASC to re-publish the same list as a business
directory on their respective web sites, but most likely that will not
happen as OWASP is about vendor neutrality, and WASC is made up of
many of the vendors mentioned so far.

* If neither FAQ entry comes to pass, I'll make a post on my blog. But
that's an absolute last resort as my blog is in the outer arm of the
blogosphere, and the information will become stale.

thanks,
Andrew, your friendly moderator



Re: Top webappsec testing vendors?

by Bill Stout-2

Hello All,
Thank you for your responses.  This is the list I have compiled so far, my apologies if I have missed a response.
Aspect Security  http://www.aspectsecurity.com/ 
Applicure  http://www.applicure.com/
Compass Security (Swiss)  http://www.csnc.ch/en/ 
Cybertrust (Verizon) http://www.cybertrust.com/ 
Deloitte & Touche http://www.deloitte.com 
Depth Security  http://www.depthsecurity.com/ 
Ernst & Young  http://www.ey.com/ 
Fortrex Technologies  http://www.fortrex.com
Foundstone  http://www.foundstone.com/us/index.asp 
GNU Citizen  http://gnucitizen.com/ 
Gotham Digital Science  http://www.gdssecurity.com/ 
IOActive http://www.ioactive.com/ 
ISEC Auditors (Spain)  http://www.isecauditors.com/eng/index.html 
Korelogic http://www.korelogic.com/ 
Matasano  http://www.matasano.com/log/mtso/ 
Neohapsis http://www.neohapsis.com/ 
NGS Software  http://www.ngssoftware.com/ 
NTObjectives  http://www.ntobjectives.com/ 
SecuRisk Solutions  http://www.securisksolutions.com/ 
Spidynamics (HP) https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201_4000_100__ 
Whitehat Security  http://www.whitehatsec.com/home/index.html 
Zion Security (Belgium)  http://www.zionsecurity.com/ 
I haven't ranked them and I believe it would be difficult to do so.  Aspect has been recommended a few times, NGS Software is owned by David Litchfield who I've known since the mid-90's.  Each vendor probably employs a well-respected webapp pentester, and I'm sure each engagement will have a different experience.
I believe a pentester is an important addition to a security toolkit.
Bill Stout



Re: Administrivia: Webappsec Vendor Directory

by bugtraq-2

Full disclosure: I don't work for a security vendor anymore, nor for a security services
company and my comments are mine alone.

> * Ask OWASP and WASC to re-publish the same list as a business
> directory on their respective web sites, but most likely that will not
> happen as OWASP is about vendor neutrality, and WASC is made up of
> many of the vendors mentioned so far.

I won't speak on OWASP's stance as I'm not as informed as you are about theirs, however regarding
your WASC comments I'm going to have to respond to *clarify* your comments about the group since
I've been asked in response to your email.

WASC is very neutral and is made up of vendors, enterprise people, government, developers, security
managers, QA, pen testers and other associated security persons. WASC is run by people of all these
backgrounds and no one company/person has more of a right to change group direction or agenda. This was
an issue many of us had which is why this was specified in our charter (on our website) upon WASC's
creation years ago.

WASC knows that many vendors have employees who are the leading experts in their field and wants to
work with all *qualified* parties regardless of who they work for while ensuring material published
is neutral and agendaless. Some WASC material may link to vendor materials as we don't discriminate
against valid material/resources simply because of the person or group that authored it.


Regards,
- Robert
http://www.webappsec.org/
http://www.webappsec.org/aboutus.shtml


