The Web Application Security Consortium is pleased to announce a new project " Web Application Security Scanner Evaluation Criteria (WASSEC)". Currently WASC is seeking volunteers from various sections of the community including penetration testers, scanner vendors, security researchers and also end users to contribute to the project.

A brief description of the project

The Web Application Security Evaluation Criteria is a set of guidelines to evaluate web application security scanners on their identification of web application vulnerabilities and its completeness. It will cover things like crawling, parsing, session handling, types of vulnerabilities and information about those vulnerabilities. The goal of this project is to evaluate the technical aspects of the web application security scanners and NOT the features provided by it.

The project page can be found at
http://www.webappsec.org/projects/wassec/

If you would like to be involved with the project, please contact Anurag Agarwal (an

ur

ag.a

garwal@y

ahoo.com)

Project Page http://www.webappsec.org/projects/wassec/