MemeStreams | MemeStreams Discussion

Create an Account

This page contains all of the posts and discussion on MemeStreams referencing the following web page: 'Crawling' rich web apps. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

'Crawling' rich web apps
by Acidus at 11:00 am EDT, Jun 21, 2007

Critics like to point out it is difficult for web scanners to know when an entire RIA has been crawled. After all, certain actions might expose more functionality, which exposes more and more. Certain functionality (like a spell checker) might not get invoked unless there are mispelled words.

RIA are full blown applications. You don't "crawl" Microsoft Word do you? You don't "crawl" Visual Studio? Web security researchers need to remember that other industries confront the same problems we do. Automated GUI testing suites have existed for years and some of the research is very interesting and highly applicable. I have no numbers, but I'd bet dollars to doughnuts that market is a little bigger than the webappsec.

Talking about how difficult a problem is doesn't help anyone. Trying to solve it, even if you fail, helps everyone. I learned that in college at a lecture by Dr Cook, one of the definitive sources on the Traveling Salesmen Problem.

RE: 'Crawling' rich web apps
by Lost at 4:42 pm EDT, Jun 21, 2007

Acidus wrote:
Critics like to point out it is difficult for web scanners to know when an entire RIA has been crawled. After all, certain actions might expose more functionality, which exposes more and more. Certain functionality (like a spell checker) might not get invoked unless there are mispelled words.
RIA are full blown applications. You don't "crawl" Microsoft Word do you? You don't "crawl" Visual Studio? Web security researchers need to remember that other industries confront the same problems we do. Automated GUI testing suites have existed for years and some of the research is very interesting and highly applicable. I have no numbers, but I'd bet dollars to doughnuts that market is a little bigger than the webappsec.
Talking about how difficult a problem is doesn't help anyone. Trying to solve it, even if you fail, helps everyone. I learned that in college at a lecture by Dr Cook, one of the definitive sources on the Traveling Salesmen Problem.

Speaking of which... http://www.blue-violin.com/