Hosting Provided By

RE: Web Application Source Vulnerability Scanners

From: Rose, Tracey <Tracey.Rose(at)bestsoftware.com>
Date: Tue Mar 04 2003 - 16:43:58 EST

it is nearly impossible to find on wiretapped. But it is here: http://www.mirrors.wiretapped.net/security/vulnerability-assessment/spike/

-----Original Message-----
From: Dave Aitel [mailto:dave@immunitysec.com] Sent: Tuesday, March 04, 2003 4:06 PM
To: webappsec@securityfocus.com; ory.segal@sanctuminc.com; securityarchitect@hush.com
Subject: Re: Web Application Source Vulnerability Scanners

Not to mention there are MANY open source tools that do all those things. SPIKE Proxy (which I wrote) doesn't automatically detect that you got kicked out of session, but it would be fairly easy to patch it up to do so, once you realized that was happening. It maintains whatever cookies you happen to have, and you can start mutiple scans using multiple cookies at once, if you so choose.You can even specify a particular cookie to be used while you spider - actually, this happens automatically once you choose your starting request.

Which reminds me, does anyone have a mirror of the Win32 package for SPIKE Proxy? I'm currently in New Zealand, which is preventing me from kicking Verizon around until they fix the DSL line the Immunity web site runs off of, and I keep getting e-mailed requests for it. Apparantly it is impossible to find on packetstorm or wiretapped. Is there any possibility of a mirror on OWASP?

Dave Aitel
SPIKE Proxy: The next generation of tools.

Original Message ----- From: <securityarchitect@hush.com> To: <webappsec@securityfocus.com>; <ory.segal@sanctuminc.com> Sent: Wednesday, March 05, 2003 5:48 AM Subject: RE: Web Application Source Vulnerability Scanners

>
> I know this list doesn't cater for commercial tool discussions
specifically so choosing words carefully moderator ;-)
>
> To counter that you should look at the latest review of commercial tools.
All failed pretty miserably and the general recomendation was to wait until the next generation of tools come out.
>
> http://www.infosecuritymag.com/2003/jan/cover.shtml
>
>
> On Tue, 04 Mar 2003 07:25:02 -0800 Ory Segal <ory.segal@sanctuminc.com>
wrote:
> >Hi,
> >
> >The problem with most open source tools is that they are very strong
Received on Tue Mar 4 16:52:12 2003

This message: [ Message body ]
Next message: Rosado, Rafael (Rafael): "RE: Web Application Source Vulnerability Scanners"
Maybe in reply to: Rosado, Rafael (Rafael): "Web Application Source Vulnerability Scanners"
In reply to Dave Aitel: "Re: Web Application Source Vulnerability Scanners"
Reply: Kevin Spett: "Re: Web Application Source Vulnerability Scanners"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:49 EDT