Re: Web Application Source Vulnerability Scanners
Not to mention there are MANY open source tools that do all those things.
SPIKE Proxy (which I wrote) doesn't automatically detect that you got kicked
out of session, but it would be fairly easy to patch it up to do so, once
you realized that was happening. It maintains whatever cookies you happen to
have, and you can start multiple scans using multiple cookies at once, if you
so choose. You can even specify a particular cookie to be used while you
spider - actually, this happens automatically once you choose your starting
request.
Which reminds me, does anyone have a mirror of the Win32 package for SPIKE
Proxy? I'm currently in New Zealand, which is preventing me from kicking
Verizon around until they fix the DSL line the Immunity web site runs off
of, and I keep getting e-mailed requests for it. Apparently it is impossible
to find on packetstorm or wiretapped. Is there any possibility of a mirror
on OWASP?
Dave Aitel
SPIKE Proxy: The next generation of tools.
----- Original Message -----
From: <securityarchitect@hush.com>
To: <webappsec@securityfocus.com>; <ory.segal@sanctuminc.com>
Sent: Wednesday, March 05, 2003 5:48 AM
Subject: RE: Web Application Source Vulnerability Scanners
>
> I know this list doesn't cater for commercial tool discussions
> specifically so choosing words carefully moderator ;-)
>
> To counter that you should look at the latest review of commercial tools.
> All failed pretty miserably and the general recommendation was to wait until
> the next generation of tools comes out.
>
> http://www.infosecuritymag.com/2003/jan/cover.shtml
wrote:
> >Hi,
> >
> >The problem with most open source tools is that they are very strong
Received on Tue Mar 4 16:39:29 2003