Hosting Provided By

RE: no standards for webapp exploitation

From: <dave(at)immunitysec.com>
Date: Thu Jul 03 2003 - 07:53:35 EDT

> I'm not sure how best to support something like this without introducing

Right. And this API would have to expand enough to accomodate every new exploit that comes out. AND there's a big difference between being "a way to do exploits" and being "the best way to do exploits"

> Of course, if there is some other reason why you think that VulnXML is not

Well, it's capable of threading different tests, but one test often needs to make and hold multiple connections, if you're talking about a full exploit engine.

Frankly, I think no "XML" description will ever be a very useful exploitation engine. This is why people write Python classes to do that. You give up the lightweight XML structure for actual execution of code. It's a lot easier to write too. Can you imagine writing a working exploit in XML?!

-dave Received on Thu Jul 3 11:39:44 2003

This message: [ Message body ]
Next message: Ingo Struck: "OWASP publishes the VulnXML db first draft release"
Previous message: Ingo Struck: "Re: no standards for webapp exploitation"
In reply to Dawes, Rogan (ZA - Johannesburg): "RE: no standards for webapp exploitation"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:53 EDT

Do you need help?