WebApp Sec: Beta release of the Oedipus Web Application Scanner is released

[Justin Clarke <justin () justinclarke com>]

The Oedipus Web Application Scanner project (disclaimer - I have been
involved in it's development) has just released it's first public beta
release - version 1.8.1. Oedipus is a penetration testing focused tool,
designed for penetration testers and for technical security or web
development folks to test their applications for web application
security issues. It deviates from many of the commercial tools in that:

      * Oedipus does not claim to be a one stop testing tool that will
        find every type of hole in your applications. It is, however,
        pretty good at finding the low hanging fruit so you can spend
        your time finding the really nasty problems manually
      * Oedipus has some exploitation functionality built in, especially
        for SQL injection at this point, for generating working exploits
        for web application vulnerabilities. After all, the best way to
        show the business impact of an issue is to show it is
        exploitable
      * It's free, open source, and pretty easy to extend through the
        use of it's plugin architecture

From the blurb - "Oedipus is an open source web application security
analysis and testing suite written in Ruby by Pentration Testers for
Penetration Testers. It is capable of parsing different types of log
files off-line and identifying security vulnerabilities. Using the
analyzed information, Oedipus can dynamically test web sites for
application and web server vulnerabilities"

Attachment: smime.p7s
Description: