[WEB SECURITY] In depth security scanning versus breadth based
robert at webappsec.org
Tue Jul 7 20:14:53 EDT 2009
Hello Everyone,
Many automated tools are great at crawling/attacking every URL they discover; however, they fail to properly visit URL sequences
in order. For example, you must complete a 5 page process to get to the functionality on page 6. Certain commercial products
support 'macros' where you can record those 'URL sequences' in order and can later audit them in order. What are the list's
experiences with getting blackbox tools to perform this depth of review in a pre/post production environment?
If you plan on replying with one of the following replies you will be ignored! :)
- Debating the types of attacks/weaknesses tools are good at finding
- Debating source code/sca analysis vs blackbox
- Pitching your product/service
Regards,
- Robert A.
http://www.cgisecurity.com/ Application Security news, and more
http://www.webappsec.org/ WASC Co Founder and Moderator of The Web Security Mailing List
http://www.qasec.com/ Software Security Testing in QA and Development