WebApp Sec mailing list archives
RE: AJAX and Web application scanners
From: <thomas.jones () hushmail com>
Date: Tue, 28 Mar 2006 10:26:01 -0500
I think the real question you have to ask is why the performance of web app scanners is so bad on regular web apps and not worry about the bleeding edge of AJAX. If they are so bad (and they are, use Dinis Cruz's Sitegenerator tool with "crapscanner <choice>" if you want to see for yourself). Pretty reports are no indication of completeness...

http://owasp.net/forums/thread/428.aspx for Dinis' cool tool.

> Hi,
>
> I've been recently going around the web for a couple of challenges that AJAX faces. One thing that struck me was the web application scanners. I've seen a few vendors' (I don't want to mention any vendor or product name here) products that claim that they have JavaScript parsers and support for AJAX driven applications. My personal experience with these tools is that they could not fare well against apps that are heavily JavaScript driven, and with the introduction of AJAX based apps it's a case of uncertainty in choosing the right product (if at all there can be one which can progress in auditing AJAX applications).
>
> Do any of you have any insights or experiences on these tools against AJAX based apps?
>
> Thanks
> Rajesh