Announcing the Web Application Security Scanner Evaluation Criteria v1 | Linux Today

Announcing the Web Application Security Scanner Evaluation Criteria v1

Written By
Web Webster
Web Webster
Oct 9, 2009

[ Thanks to An Anonymous Reader for
this link. ]

“A large number of web application scanning tools are
available, both commercial and open source. Effective use of these
tools is an important part of a thorough web application security
assessment, and regular security scans are required to comply with
security requirements such as section 6.6 of the Payment Card
Industry Data Security Standard (PCI-DSS).

“The Web Application Security Scanner Evaluation Criteria
(WASSEC) is a set of guidelines to evaluate web application
scanners on their ability to effectively test web applications and
identify vulnerabilities. It covers areas such as crawling,
parsing, session handling, testing, and reporting.

“The goal of the WASSEC is to create a vendor-neutral document
to help guide web application security professionals during web
application scanner evaluations. This document provides a
comprehensive list of features that should be considered when
conducting a web application security scanner evaluation. Different
users will place varying levels of importance on each feature, and
the WASSEC provides the user with the flexibility to take this
comprehensive list of potential scanner features, narrow it down to
a shorter list of features that are important to the user, assign
weights to each feature, and conduct a formal evaluation to
determine which scanning solution best meets the user’s needs.”


Complete Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.