Dailydave mailing list archives
Re: bugs are bad.
From: Kevin Johnson <kjohnson () secureideas net>
Date: Mon, 31 Jul 2006 22:06:44 -0400
On Jul 31, 2006, at 4:17 PM, Dave Aitel wrote:
I need to browse them, and then store and manipulate different data in a lot of different ways. I want to draw a circle around some blocks that represent queries and say "This is the login sequence - go do this a thousand times and tell me what the cookies are like, and while you're at it try every other query in this other group afterwards". Then I want to draw a circle around the "order a widget" sequence and say "try this in every possible order after logging in and let me know if anything weird happens". Essentially I think the whole idea of storing a site based on its "pages" is broken. GET /bob.php?method=login is very different from method=logout. Same "page", different code paths. But today's scanners can't help me. And I think this is because they're making tons of money rather than being useful to people who know what they're doing. -dave
Well, there is a small group of us that aren't making a ton of money and are trying to work out this issue. It started as trying to automatically build a default deny configuration generator for mod_security and has grown a bit beyond that..... Wasn't sure if anyone else was interested...<grin>
Kevin
---------------------
BASE Project Lead
http://base.secureideas.net
The next step in IDS analysis!