The Oedipus Web Application Scanner project (disclaimer - I have been
involved in it's development) has just released it's first public beta
release - version 1.8.1. Oedipus is a penetration testing focused tool,
designed for penetration testers and for technical security or web
development folks to test their applications for web application
security issues. It deviates from many of the commercial tools in that:
* Oedipus does not claim to be a one stop testing tool that will
find every type of hole in your applications. It is, however,
pretty good at finding the low hanging fruit so you can spend
your time finding the really nasty problems manually
* Oedipus has some exploitation functionality built in, especially
for SQL injection at this point, for generating working exploits
for web application vulnerabilities. After all, the best way to
show the business impact of an issue is to show it is
exploitable
* It's free, open source, and pretty easy to extend through the
use of it's plugin architecture
From the blurb - "Oedipus is an open source web application security
analysis and testing suite written in Ruby by Pentration Testers for
Penetration Testers. It is capable of parsing different types of log
files off-line and identifying security vulnerabilities. Using the
analyzed information, Oedipus can dynamically test web sites for
application and web server vulnerabilities"
- application/x-pkcs7-signature attachment: smime_p7s
Received on Apr 07 2006
Intro
