Sunday, February 19, 2012

SecToolMarket - A dynamic benchmark presentation website

Although I can't really claim that what I'm about to present is perfect (I'm learning to control that one, hopefully), and the design is not yet memorable (U-N-D-E-R-S-T-A-T-E-M-E-N-T), it's certainly going to be useful for a lot of folks - pen-testers (first and foremost), vendors, analysts, researchers, security personnel, and a bunch of people that stumbled upon this blog and are about to face a lot of scary words.

In short, the benchmark presentation framework is up and ready, and published as a web site called SecToolMarket (

I originally planned on hosting it on Google Sites (which is why there's no JS/AJAX/etc.), but after a couple of hours of desperately trying to upload bulks of files to Google Sites, I gave up and used the conventional method.

Although it doesn't yet contain a lot of new information (mostly additional information & analysis of the products tested in 2011), it's much easier to navigate through the data, and the analysis of the 2011 benchmark can provide additional insights, even to those that read the 2011 benchmark post.

Apart from adding statistics, making things simpler, adding glossaries for everything and collecting vendor and product specific stats under dedicated pages, this framework can also be updated more frequently (and hopefully on a consistent basis), contains information that wasn't published, and allows you to track my progress as I'm performing my comparisons.

The two new categories (input-vector-support and coverage) are still incomplete (and will probably be updated soon, especially for commercial scanners - which will hopefully notify me if there's any missing information), but they already provide some insights that might be relevant for some of us.

Some screen captures of the content:

I'll probably post additional information on this website, and my future plans, but in the meantime, I'm going to crash, and hope you have fun with it.