The link was left off - it is available from http://oedipus.rubyforge.org
Thanks
On 7 Apr 2006, at 16:53, Justin Clarke wrote:
> The Oedipus Web Application Scanner project (disclaimer - I have been
> involved in its development) has just released its first public beta
> release - version 1.8.1. Oedipus is a penetration testing focused tool,
> designed for penetration testers and for technical security or web
> development folks to test their applications for web application
> security issues. It deviates from many of the commercial tools in that:
>
> * Oedipus does not claim to be a one stop testing tool that will
>   find every type of hole in your applications. It is, however,
>   pretty good at finding the low hanging fruit so you can spend
>   your time finding the really nasty problems manually
> * Oedipus has some exploitation functionality built in, especially
>   for SQL injection at this point, for generating working exploits
>   for web application vulnerabilities. After all, the best way to
>   show the business impact of an issue is to show it is exploitable
> * It's free, open source, and pretty easy to extend through the
>   use of its plugin architecture
>
> From the blurb - "Oedipus is an open source web application security
> analysis and testing suite written in Ruby by Penetration Testers for
> Penetration Testers. It is capable of parsing different types of log
> files off-line and identifying security vulnerabilities. Using the
> analyzed information, Oedipus can dynamically test web sites for
> application and web server vulnerabilities"
>
Received on Apr 09 2006