Fw: Re: ratproxy issues
From: Andre Rodrigues <acastanheira2001 () yahoo com br>
Date: Mon, 10 Nov 2008 08:12:23 -0800 (PST)
I would like to talk about the use of ratproxy, and the issues reported.
1- Test Phase
I test the systems with the following parameters:
-XCrlfscmetigj (for active testing).
What parameters do you use?
To perform the test I click on every app's link, but it is a little boring, and there's a risk of forgetting some link.
Let alone a big one.
How do you proceed to test your apps?
2- Issues Phase
Ratproxy reported some high-risk issues, so I need to understand them in order to convince the developers.
I've found this link http://code.google.com/p/doctype/wiki/ArticlesXSS that explains many of the threats reported.
What approach do you use in order to convince the developer team about the risks exposed?
Is there any comparison between ratproxy and other pen test tools?
Would you prefer to speak in Spanish?
--- On Fri, 11/7/08, Alonso Caballero Quezada / ReYDeS <reydes () gmail com> wrote:
From: Alonso Caballero Quezada / ReYDeS <reydes () gmail com>
Subject: Re: ratproxy issues
To: security-basics () securityfocus com
Date: Friday, November 7, 2008, 8:35 AM
On Fri, Nov 7, 2008 at 7:16 AM, <acastanheira2001 () yahoo com br> wrote:
Does anybody use ratproxy in order to evaluate its web apps?
I'm using it now and would like to discuss the reported issues.
Yes. What do you want to know? What do you know?
Alonso Caballero Quezada aka ReYDeS - ReYDeS () gmail com
GIAC Computer and Network Security Awareness (SSP-CNSA)
http://alonsocaballero.informatizate.net - LRU #307242