For a while, I've been working on a test suite for evaluating web application scanners. Now I have a test suite (PHP/MySQL/AJAX) with a bunch of variable vulnerabilities:
- XSS
- SQL Injection
- Remote File Injection
- Weak hash functions
- Session/Cookie problems
- CSRF
- others...
But there is a problem for a full evaluation. Web applications are not only a simple schema of scripts and databases and complex relations; there is also server configuration, infrastructure, different types of databases, etc. Thus, I really have to create different test suites for good coverage of what web apps could be.
I plan to use:
- Ruby On Rails framework
- ASP.NET/MS SQL based application
- JSP application
This should cover the different types of applications, but I still have to think about server types, architectures, multiple databases, etc.