Network Security: Detailed info on Re: Environment for testing WebApp Security Scanners

Subject:	Re: Environment for testing WebApp Security Scanners
Date:	Thu, 10 Aug 2006 08:19:57 +1000

Subject:

Re: Environment for testing WebApp Security Scanners

Date:

Thu, 10 Aug 2006 08:19:57 +1000

On 8/9/06, c0redump@ackers.org.uk <c0redump@ackers.org.uk> wrote:

Nice idea, but no tool can substitute for a little common sense and manual
know how.  The way cookies like this would be implemented would vary
greatly, therefore any security scanner would still rely on signatures -
back to the problem at hand again.  If it doesn't have the signature/rule it
isn't going to pick it up.

Therefore, any web application tool out there, when used, should *always* be
followed up by a manual test.


I don't think anyone would disagree with that.

Just my two pence.
Tom Neaves


-- mic

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB --------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
RE: Environment for testing WebApp Security Scanners, (continued) RE: Environment for testing WebApp Security Scanners, Mark Curphey Re: Environment for testing WebApp Security Scanners, Roman H. RE: Environment for testing WebApp Security Scanners, Brokken, Allen P. Re: Environment for testing WebApp Security Scanners, Dean H. Saxe Re: Environment for testing WebApp Security Scanners, Gerald Quakenbush RE: Environment for testing WebApp Security Scanners, Mark Curphey Re: Environment for testing WebApp Security Scanners, mikeiscool Re: Environment for testing WebApp Security Scanners, Dean H. Saxe Re: Environment for testing WebApp Security Scanners, mikeiscool Re: Environment for testing WebApp Security Scanners, c0redump Re: Environment for testing WebApp Security Scanners, mikeiscool <= RE: Environment for testing WebApp Security Scanners, Evans, Arian Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan Message not available Message not available RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, René Palige Message not available Message not available RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, René Palige

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: Parameter fuzzing and forced browsing, mikeiscool
Next by Date:	Sending multipart/form-data requests from Flash (with arbitrary headers), Amit Klein (AKsecurity)
Previous by Thread:	Re: Environment for testing WebApp Security Scanners, c0redump
Next by Thread:	RE: Environment for testing WebApp Security Scanners, Evans, Arian
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: Parameter fuzzing and forced browsing, mikeiscool

Next by Date:

Sending multipart/form-data requests from Flash (with arbitrary headers), Amit Klein (AKsecurity)

Previous by Thread:

Re: Environment for testing WebApp Security Scanners, c0redump

Next by Thread:

RE: Environment for testing WebApp Security Scanners, Evans, Arian

Indexes:

[Date] [Thread] [Top] [All Lists]