mailing list archives
Re: iiscan results - a closer look
From: dd () sucuri net
Date: Fri, 8 Jan 2010 16:42:33 -0400
I played with it a little yesterday and posted my thoughts (as well as
a summary of their whole scan) at:
It is a nice tool with some good checks looking for SQL, XSS, etc... I
just think they
didn't look deep enough in my site to check more stuff...
On Thu, Jan 7, 2010 at 11:58 AM, Robin Sage <robin.sage () rocketmail com> wrote:
If anyone has any more invite codes please send one to me.
I tried the ones posted and they were not functional.
I also emailed support and never received a response.
Has anyone compared this to AppScan, WebInspect, Sentinnel, Qualys or
How many trials do you get per invite code? Just 1 app?
From: Jardel Weyrich <jweyrich () gmail com>
To: p8x <l () p8x net>
Cc: full-disclosure () lists grok org uk
Sent: Thu, January 7, 2010 9:33:07 AM
Subject: Re: [Full-disclosure] iiscan results
It's probably trying to get different results/responses by changing
the values of some request headers. The most common scenario, as far
as I've seen, and as oddly as it might sound, is the User-Agent and
HTTP minor version.
A more verbose logging strategy would demystify. Or maybe Vincent?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Re: iiscan results - a closer look dd (Jan 10)