The SAMATE Project Department of Homeland Security

Web Application Scanner Focus Group


Our goal is not to evaluate tools per se, but to establish methods that users can apply to evaluate the tools. We also focus only on vulnerabilities, not on the GUI or extra features.

The SAMATE project leader is Dr. Paul E. Black. Members of the web application scanner project team include Elizabeth Fong, Vadim Okun and Romain Gaucher.

Need for a focus group

As part of the SAMATE project, we are developing a functional specification for web application scanners. A test plan and test suites for web application scanners are also being developed. Our goals in forming a focus group are to help us answer questions such as: Did we forget anything? Does the spec make sense? Do the requirements reasonably capture what practitioners really need?

We believe people with the following characteristics will make excellent focus group members:

  • Expertise in web application security and security assurance
  • Familiarity with many domains
  • Contact with the worldwide software security assurance community
  • Mix of academic, government, and industry

The focus group will read and comment on the specification, the test plan, and the test suites. To facilitate group discussions we will set up an email list for the focus group. We also plan to have face-to-face meetings at mutually agreed times.

We seek additional members; however, this is not a funded position.

Current members

  • Anurag Agarwal
  • Robert Auger, cgisecurity
  • Brian Chess, Fortify Software
  • Eric Dalci, Cigital
  • Jeremiah Grossman, White Hat Security
  • Robert Hansen, SecTheory
  • Billy Hoffman, SpiDynamics
  • Jeff Offutt, George Mason University
  • Steve Orrin, Intel Corp.
  • Ory Segal, IBM
  • Lee Sommer, NIH
  • Pravir Chandra, Cigital
  • Han Thai, NIST