WebApp Sec mailing list archives
Re: Environment for testing WebApp Security Scanners
From: mikeiscool <michaelslists () gmail com>
Date: Thu, 10 Aug 2006 08:19:57 +1000
On 8/9/06, c0redump () ackers org uk <c0redump () ackers org uk> wrote:
Nice idea, but no tool can substitute for a little common sense and manual know how. The way cookies like this would be implemented would vary greatly, therefore any security scanner would still rely on signatures - back to the problem at hand again. If it doesn't have the signature/rule it isn't going to pick it up. Therefore, any web application tool out there, when used, should *always* be followed up by a manual test.
I don't think anyone would disagree with that.
Just my two pence. Tom Neaves
-- mic ------------------------------------------------------------------------- Sponsored by: WatchfireWatchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------
Current thread:
- RE: Environment for testing WebApp Security Scanners, (continued)
- RE: Environment for testing WebApp Security Scanners Mark Curphey (Aug 08)
- Re: Environment for testing WebApp Security Scanners Roman H. (Aug 08)
- RE: Environment for testing WebApp Security Scanners Brokken, Allen P. (Aug 08)
- Re: Environment for testing WebApp Security Scanners Dean H. Saxe (Aug 08)
- Re: Environment for testing WebApp Security Scanners Gerald Quakenbush (Aug 08)
- RE: Environment for testing WebApp Security Scanners Mark Curphey (Aug 08)
- Re: Environment for testing WebApp Security Scanners mikeiscool (Aug 08)
- Re: Environment for testing WebApp Security Scanners Dean H. Saxe (Aug 08)
- Re: Environment for testing WebApp Security Scanners mikeiscool (Aug 08)
- Re: Environment for testing WebApp Security Scanners Dean H. Saxe (Aug 08)
- Re: Environment for testing WebApp Security Scanners c0redump (Aug 09)
- Re: Environment for testing WebApp Security Scanners mikeiscool (Aug 09)
- Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners Enis Karaarslan (Aug 24)
- Message not available
- Message not available
- RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners Enis Karaarslan (Aug 24)