[Owasp-access-control-rules-tester-project] commercial Access Control Rules Testing

Andrew Petukhov petand at lvk.cs.msu.su
Tue Jun 17 08:41:55 EDT 2008


Mat Caughron wrote:

> Hi Andrew:
>
> IBM has a thing called the Rational Policy Tester.  It comes in three 
> editions: policy tester for accessibility compliance, privacy edition 
> for privacy compliance, and quality edition for centralized scanning 
> of web content for quality.    I think these are all tools from 
> WatchFire, but I have not seem them yet.
>
> I've subscribed to the mailing list for the access control rules 
> testing project.
>
>
> Mat Caughron, CISSP
> (408) 910-1266
>
>
Hello everybody.
Thanks for joining this list!

Mat, thanks for the idea. These tools are indeed after Watchfire group: 
http://www.watchfire.com/products/webxm/demos.aspx?S_CMP=rnav
I have read the datasheets presented at 
http://www-306.ibm.com/software/awdtools/tester/policy/
According to the provided descriptions, Policy Tester Accessibility 
Edition and Policy Tester Quality Edition are useless in access control 
testing (please, correct me, if I am wrong). So the only interesting 
thing is Policy Tester Privacy Edition. Alas, there is no trial version. 
Think, I'll need to contact IBM to see was this tool is capable of.

P.S. for Mat: I am kindly asking you to edit the 
https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Projects_Authors_Status_Target_and_Reviewers 
page simirlarly ti what Min has done - please put a link to a short 
summary about youself. Or just drop me a line - and I'll make it on your 
behalf.

Kind regards everyone,
Andrew Petukhov



More information about the Owasp-access-control-rules-tester-project mailing list