Free security testing from Stanford security lab
1 point by jasonbau on May 5, 2012
Hi Y-Combinator folks,

I wanted to let you know about a security study that we at the Stanford security lab (seclab.stanford.edu) are running, in conjunction with some of our alumni at Google security, to see if any of your startups would be interested. In a nutshell, we are offering to scan any web application with a suite of leading commercial black-box web-application vulnerability detectors (whose license costs would total $50k annually), give the developers the output reports, and help them interpret these reports if they wish. In exchange, we ask you to participate in a 1-2 hour study/interview about your engineering practices w.r.t. security.

Basically, we've gotten licenses to use 4 of the leading commercial black-box web application vulnerability scanners: Acunetix WVS, IBM AppScan, HP WebInspect, and Qualys QualysGuard, because of our previous research paper on the topic: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5504795&tag=1 We would like to understand something about the Web application engineering process with regards to security, so we reached out to Stanford-affiliated startups to see whether they would like a free, fairly comprehensive security evaluation in exchange for answering some questions about their security training and whether they include any security considerations in their development process. We've gotten responses from about 20 such groups at Stanford, but we'd like an even broader sample, which is why we are reaching out to you.

What it will "cost" the participants:
* 1-2 hours of time for an interview/survey. We will ask questions about their security background/education and their application engineering process w.r.t. security
* permission for us to send up to about 2GB/day of network traffic at their applications, for a period of up to 3 days
* small misc. requests, such as creating an account for the scanner in their application

What you will get:
* A security assessment by state-of-the-art commercial scanners
* Vulnerability reports from all of the scanners we run on their site
* Our help in interpreting the reports, should you want it

Also, our study is aimed at gathering aggregate statistics and data, so we promise not to disclose/publish any vulnerability data associated with a named site without the site developer's permission.

If you or your startup have any questions, feel free to email us at jbau at stanford and frankw2 at stanford.

We would love your participation.

Regards, Jason Bau Ph.D. candidate, Stanford Seclab


