Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Web Application Scanner Focus Group
[SAMATE Home | IntrO TO SAMATE | SARD | SATE | Bugs Framework | Publications | Tool Survey | Resources]
Our goal is not to evaluate tools per se, but establish methods for users to evaluate the tools. We also focus only on vulnerabilities and not on GUI and extra-features.
Need for a focus group
As part of the SAMATE project, we are developing a functional specification of Web Application Scanners. Test plan and test suites for web application scanners are also being developed. Our goals for forming a focus group are to help us answer questions such as: did we forget anything? Does the spec make sense? Do the requirements reasonably capture what practitioners really need?
We believe people with the following characteristics will be excellent to serve as focus group members:
- Expertise in web application security and security assurance
- Familiarity with many domains
- contact with the worldwide software security assurance community
- mix of academic, government, and industry
The focus group will read and comment on the specification, the test plan, and the test suites. To facilitate group discussions we will set up an email list for the focus group. We also plan to have face-to-face meetings at mutually agreed times.
We seek additional members, however, this is not a funded position.
Current members
- Anurag Agarwal
- Robert Auger, cgisecurity
- Brian Chess, Fortify Software
- Eric Dalci, Cigital
- Jeremiah Grossman, White Hat Security
- Robert Hansen, SecTheory
- Billy Hoffman, SpiDynamics
- Jeff Offutt, George Mason University
- Steve Orrin, Intel Corp.
- Ory Segal, IBM
- Lee Sommer, NIH
- Pravir Chandra, Cigital
- Han Thai, NIST