WebApp Sec mailing list archives

RE: Web Application Source Vulnerability Scanners


From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Fri, 28 Feb 2003 09:45:42 +0200

You might want to have a look at
http://mysite.mweb.co.za/residents/rdawes/exodus.html

It is the homepage of Exodus, a Java web proxy currently under development,
but it also has links to a number of other similar tools.

From the page:

Functionality existing in Exodus today

    * Proxies HTTP and HTTPS connections
    * Supports upstream HTTP proxies (HTTPS coming soon)
    * Supports Basic-Auth and Proxy Basic-Auth (NTLM support will come if there is a need for it, I'm sure!)
    * Supports interception and modification of requests and responses (individually selectable)
    * Shows a log of requests received by the proxy, modifications made by the user/proxy, responses from the server, and modifications made to the response
    * Can render HTML responses to the screen

Exodus may be added to the OWASP project, as a complementary tool to
PenProxy, OpenProxy and WebScarab. Since they are all GPL'd, there will
almost certainly be cross-pollination between them if that does not happen.

Rogan

-----Original Message-----
From: Rosado, Rafael (Rafael) [mailto:rarosado () lucent com] 
Sent: 27 February 2003 09:27 PM
To: webappsec () securityfocus com; cisspforum () yahoogroups com
Subject: Web Application Source Vulnerability Scanners


Does anyone know of open source vulnerability scanners in the Web
Application Source Code security market segment?  I am familiar and aware of
the most common commercial tools (AppScan from Sanctum and WebInspect from
SPI Dynamics).  The Open Web Application Security Project (OWASP)
has started the development of an open source Web Application Vulnerability
scanner called WebScarab; however, it is in the early stages of development.

Any assistance in identifying specific open source tools (names and web
sites where to download) is greatly appreciated.

Rafael Rosado, CISSP, CISA
IT Security Manager
Caribbean and Latin America Region (CALA) &
Global Risk Assessment and Penetration Testing
Lucent Technologies
Corporate Security
Business Assurance and Risk Mitigation Services (B.A.R.M.S.) 
2400 SW 145th Avenue - Room 3S039
Miramar, Florida 33027 
+1 954-885-2176 (voice) *
+1 954-885-3861 (fax) * 
+1 954-648-3532 (mobile) or 9546483532 () mobile att net (text message) *
rarosado () lucent com (email) *


