AppSecUSA 2015 has ended
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
Back To Schedule
Thursday, September 24 • 3:00pm - 3:55pm
Using the OWASP Benchmark to Assess Automated Vulnerability Analysis Tools

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Lab material available for download here: 
Please download before arriving at the conference!

The OWASP Benchmark is a test suite designed to evaluate the speed, coverage, and accuracy of automated vulnerability detection tools. Without the ability to measure these tools, it is difficult to understand their value or interpret vendor claims. The OWASP Benchmark contains over 20,000 test cases that are fully runnable and exploitable.

This training class will provide attendees with details of how the Benchmark was developed, what the tests cover, and how to use it to evaluate tools. Students will be able to download a VM with the entire Benchmark fully installed and ready to go. They will be able to compile all the tests, run tools against the benchmark, and generate scorecards for all the tools they run. The scorecards describe how each tool did, as well as allow for quick comparisons between the tools. The VM will include numerous open source security vulnerability detection tools they can use in the class, and if they have access to commercial vulnerability detection tools, they can use those as well.

avatar for Dave Wichers

Dave Wichers

COO, Aspect Security
Dave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect Security, a consulting company that specializes in application security services. He is also a long time contributor to OWASP, helping to establish the OWASP Foundation in 2004, serving on the OWASP Board... Read More →

Thursday September 24, 2015 3:00pm - 3:55pm PDT
Room E