Vulnerability Development mailing list archives

Re: Scanning Web Proxy -- Preliminary Concept

From: Ory Segal <ory.segal () SANCTUMINC COM>
Date: Sun, 17 Dec 2000 18:05:10 +0200

Hello Philip ,

After reading your preliminary concecpt , I thought my company should give it's
own added
value to this discussion. what you have described , to our luck -  already
exists , and it is called Appscan.
Appscan is a web application vulnerability scanner , and it is capabale of doing
most of the stuff
you mentioned in your preliminary concept and much much more.
Appscan's uniqueness is that it finds vulnerabilities that are site-specific ,
not like other web/CGI scanners
which only know how to deal with pre-known bugs. it scans the web site ,
processing the forms , scripts and
pages and finds each one it's own specific vulnerabilites.
it is fully automatic, with manual tampering capabilities , and has
comprehensive reporting features.

I would suggest that anyone (!) who is interested in such a scanner -- (And
judging by the number of vulnerabale
web applications , scripts and other web related products that apear every day
in Bugtraq , I would say
there should be many developers/administrator/auditors interested)  , go and
visit our site at :
http://www.sanctuminc.com

--

          Ory Segal
        Sanctum, Inc.
 http://www.SanctumInc.Com/

Ampa Bldg.,  1 Sapir Street.
Mail:     P.O.Box      12047
Herzliya    46733,    ISRAEL

Tel: +972-9-9586077 Ext. 236
Fax: +972-9-9576337

  Ory.Segal () SanctumInc Com

Current thread:

Scanning Web Proxy -- Preliminary Concept Philip Stoev (Dec 15)
- Re: Scanning Web Proxy -- Preliminary Concept Bluefish (P.Magnusson) (Dec 17)
- Re: Scanning Web Proxy -- Preliminary Concept R. DuFresne (Dec 17)
- Re: Scanning Web Proxy -- Preliminary Concept Ory Segal (Dec 18)
- <Possible follow-ups>
- Re: Scanning Web Proxy -- Preliminary Concept Sahlberg, Jeremiah (Dec 20)