What ever you do make sure its not like the Idea
Hamster thing. Whilst its OK for general asssesment,
applications are so much more indivisual and unique
and a press this, press that thing just wouldnt work.

I am prtty sure you could build a test script type
thing though, like QA departments do. I think the list
of attacks is a pretty good place to start, if you
test all of those I dont see what else that is of
concern. That said you should probably take into
consideration thibgs like authorization, change
control and some of the softer issues.

You could inlclude all the various testing setups,
like reverse proxies, browsers and commercial tools
etc.

Has anyone done any benchmarking of commercial tools ?

__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]