Wednesday, February 22, 2012

SecToolMarket - Dynamic Security Benchmark Presentation Platform

Tired of navigating through endless paragraphs in search of information? Thinking of prosecuting the inventors of the CTRL+F key combination?
If that is the case, you might want to check out SecToolMarket - a new, live website that presents the results of security benchmarks (currently focusing on web application vulnerability scanner benchmarks) in a way that's intuitive and simple.

Don't expect fancy web design (yet) or RSS feeds, but the information within might certainly be useful for a wide variety of entities, including pen-testers, researchers, analysts and security vendors.

SecToolMarket currently supports the following features:

1- A clear and simple presentation of the 2011 benchmark of 60 web application scanners, with a "click to get anywhere" interface.
2- Product-specific, test-specific and vendor-specific unified information.
3- Comparison tables for product information, general features, authentication features, input vector support (new!), coverage (new!), audit features and complementary audit features (data reflects the results published in the *08/2011* benchmark).
4- Detailed comparison of SQL Injection and Reflected Cross Site Scripting detection accuracy (data reflects the results published in the *08/2011* benchmark).
5- Glossaries for many of the terms & features implemented in the various products.
6- Statistics for many of the benchmark's results (how many scanners support a certain feature, implement a certain vulnerability check, etc.).
7- Built-in filters for comparing unified lists of products, commercial products or open source products.
8- Additional content that wasn't published in the 2011 benchmark.
9- Notifications on SVN activities and upcoming features.
10- A framework for presenting updated & new results more frequently.

Note that the information currently presented on the website reflects data from August 2011, and that the two new benchmark categories (input vector support and coverage) still require modifications and updates. According to the author, this information will be updated more often, which will enable us to track the research progress.

The author's post about the presentation framework:

The SecToolMarket website:

