[Owasp-access-control-rules-tester-project] commercial Access Control Rules Testing

Andrew Petukhov petand at lvk.cs.msu.su
Tue Jun 17 08:50:09 EDT 2008


Mat Caughron wrote:

> Hi Andrew:
>
> IBM has a thing called the Rational Policy Tester.  It comes in three 
> editions: policy tester for accessibility compliance, privacy edition 
> for privacy compliance, and quality edition for centralized scanning 
> of web content for quality.    I think these are all tools from 
> WatchFire, but I have not seem them yet.
>
> I've subscribed to the mailing list for the access control rules 
> testing project.
>
>
> Mat Caughron, CISSP
> (408) 910-1266
>
>
Hello everybody.
Thanks for joining this list!

Mat, thanks for the idea. These tools are indeed after Watchfire group:
http://www.watchfire.com/products/webxm/demos.aspx?S_CMP=rnav
I have read the datasheets presented at
http://www-306.ibm.com/software/awdtools/tester/policy/
According to the provided descriptions, Policy Tester Accessibility
Edition and Policy Tester Quality Edition are useless in access control
testing (please, correct me, if I am wrong). So the only interesting
thing is Policy Tester Privacy Edition. Alas, there is no trial version.
Think, I'll need to contact IBM to see was this tool is capable of.

P.S. for Mat: I am kindly asking you to edit the
https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Projects_Authors_Status_Target_and_Reviewers 

page simirlarly ti what Min has done - please put a link to a short
summary about youself. Or just drop me a line - and I'll make it on your
behalf.

Kind regards everyone,
Andrew Petukhov




More information about the Owasp-access-control-rules-tester-project mailing list