[WEB SECURITY] In depth security scanning versus breadth based

robert at webappsec.org
Tue Jul 7 20:14:53 EDT 2009


Hello Everyone,
 
Many automated tools are great at crawling/attacking every URL they discover, but fail to properly visit URL sequences
in order. For example, you must complete a 5 page process to get to the functionality on page 6. Certain commercial products
support 'macros' where you can record those 'URL sequences' in order and can later audit them in order. What are the list's
experiences with getting blackbox tools to perform this depth of review in a pre/post production environment?
 
If you plan on replying with one of the following replies you will be ignored! :)
- Debating the types of attacks/weaknesses tools are good at finding
- Debating source code/sca analysis vs blackbox
- Pitching your product/service

Regards,
- Robert A.
http://www.cgisecurity.com/ Application Security news, and more
http://www.webappsec.org/ WASC Co Founder and Moderator of The Web Security Mailing List
http://www.qasec.com/ Software Security Testing in QA and Development

