[WEB SECURITY] Webappsec Vendor Directory
- From: "Arian J. Evans" <arian.evans@xxxxxxxxxxxxxx>
- Subject: [WEB SECURITY] Webappsec Vendor Directory
- Date: Wed, 9 Apr 2008 12:32:01 -0700
You are such a darn smart chap, Andrew. Always ahead of me.
I was just about to send an email to this list this morning
asking someone to do this very thing. I refrained because
We should make it clear it's not a "PCI or *advertising
approved* vendor list, but I think this is a good idea.
I'd really love a voting or recommendation system. There's
ways to ensure non-gaming systems (count anonymous
as 1/10th point; require registration and disclosure of
employer or affiliations; enough info to verify identity, etc.).
There's plenty of new folks looking for reasonable services
that simply have no idea where to begin.
Like the OWASP Tools list I started years ago, a vendor
directory, especially if we could *categorize* services
offered, would be GREAT.
IMHO
--
--
Arian Evans, software security stuff
reformed hacker turned animal rights activist to meet vapid chicks concerned
with those tasty animals
On Wed, Apr 9, 2008 at 11:15 AM, Andrew van der Stock <vanderaj@greebo.net>
wrote:
> Hi there,
>
> ** Full disclosure: I work for Aspect Security. This is why I have
> refrained from publicly posting as it is a conflict of interest. I am
> walking a very fine line here. With this post, I aim to represent you,
> the webappsec reader in this matter, not my employer nor myself. **
>
> The thread on web app sec companies highlights several issues: it can
> be tricky to find them - so a directory is needed, but some folks have
> mixed experiences with some companies whilst others love their
> favorite vendor, and some folks will post on behalf of their employer
> without disclosing that. The responses so far show all of these
> attributes. This list is not an advertising service, so I will make it
> as vendor neutral as possible.
>
> I will be rejecting any further posts to this thread beyond the ones I
> had in my queue. The only exception to the approval to that thread is
> for company representatives who feel they need a right of reply to a
> post that takes a shot at them.
>
> Instead, to make it fair to all webappsec vendors whilst helping out our
> readers, I will:
>
> * Collect all the responses with company names and publish them here
> in one single list Friday next week. If you're in this business,
> please mail me privately (see my address in the headers) and I will
> add your details to the list. You have until Thursday 17th of April to
> do this.
>
> * Ask Security Focus if we can make that into a FAQ entry on our
> mailing list page. Most likely that will not happen as a) the list is
> supported by one of the companies mentioned, and Security Focus itself
> is owned by Symantec, who through their @stake arm do this sort of work.
>
> * Ask OWASP and WASC to re-publish the same list as a business
> directory on their respective web sites, but most likely that will not
> happen as OWASP is about vendor neutrality, and WASC is made up of
> many of the vendors mentioned so far.
>
> * If neither FAQ entry comes to pass, I'll make a post on my blog. But
> that's an absolute last resort as my blog is in the outer arm of the
> blogosphere, and the information will become stale.
>
> thanks,
> Andrew, your friendly moderator
Brought to you by http://www.webappsec.org