It contains guidelines for identification, enhancement and development of software assurance tools.
- The Static Analysis Tool Exposition (SATE) 2010 is in progress. The experience workshop will be Friday, 1 October, here at NIST co-located with the 13th semi-annual Software Assurance Forum.
- Source Code Security Analysis specifications, background, etc.
- Web Application Scanner specifications, background, etc.
- The SAMATE Reference Dataset (SRD), with thousands of test programs, and its manual.
- SA Tool Taxonomy
- SAMATE Publications
- Technical Advisory Panel
Sample web application scanner functional requirements, as specified by SAMATE:
WA-RM-1: Identify all of the types of vulnerabilities listed in Annex A.
WA-RM-2: Report an attack that demonstrates the vulnerability.
WA-RM-3: Specify the attack by providing script location, inputs, and context.
WA-RM-4: Identify the vulnerability with a name semantically equivalent to those in Annex A.
WA-RM-5: Be able to authenticate itself to the application and maintain logged-in state.
Have an acceptably low false positive rate.