Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

Re: no standards for webapp exploitation

From: <dave(at)immunitysec.com>
Date: Wed Jul 02 2003 - 14:47:36 EDT

The main benefit of VulnXML, imo, compared to a python-based engine is that you can distribute VulnXML from untrusted sources, and it won't execute on your machine. Another advantage is that it's self-describing, so you can do searches and stuff on a base of it. A major disadvantage is that it's not well suited for writing actual exploits - there's no good way to do something like urllib.quote_plus() or whatever external libraries you need to exploit something. My HTTP exploits for CANVAS tend to be multi-threaded, which VulnXML can't do...

For exploitation, Python is probably your language of choice. But that's not to say a Python class can't have VulnXML in it - SPIKE Proxy is pure Python....

-dave

> In-Reply-To: <Pine.LNX.4.44.0307020019361.2234-100000@felinemenace>
Received on Wed Jul 2 17:05:46 2003

This message: [ Message body ]
Next message: Dawes, Rogan (ZA - Johannesburg): "RE: no standards for webapp exploitation"
In reply to Ingo Struck: "Re: no standards for webapp exploitation"
Next in thread: Ingo Struck: "Re: no standards for webapp exploitation"
Reply: Ingo Struck: "Re: no standards for webapp exploitation"
Reply: Dawes, Rogan (ZA - Johannesburg): "RE: no standards for webapp exploitation"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:53 EDT

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library