W3af: Web Application Attack and Audit Framework

Acidus
Topic: Technology 11:19 am EDT, Oct 19, 2007

Caleb and I joke that the conference talk we most want to give, but (for various legal reasons) will never be able to give, is how to write a modern web scanner.

This architecture looks a lot like what we would discuss. But, as always, there are things that are essential that it fails to address (so far):

- Manual JavaScript? Can a brother get some Spidermonkey?
- Captcha?
- Flash? Anyone?
- Two factor?

I need to take this for a spin. Multiple threads, authentication, log out detection, URL aliasing, transparent proxies, load balancers, and thread management are either not mentioned or are *way* too glossed over in the presentation. These are things people think are easy that become Hard Problems(tm) when scaling to enterprise environments.

If you are fingerprinting with HTTPrint you have a lot to learn.

The nod to client-side static analysis of code was nice and sounded very familiar... [looks at open Visual Studio currently in debugging]... very familiar indeed...

Keep your eye on this project.
