Security Basics mailing list archives

Fw: Re: ratproxy issues


From: Andre Rodrigues <acastanheira2001 () yahoo com br>
Date: Mon, 10 Nov 2008 08:12:23 -0800 (PST)

Hey Alonso,

I would like to talk about the use of ratproxy, and the issues reported.

1- Test Phase

I test the systems with the following parameters: 
-rlextifscgjm 
-XCrlfscmetigj  (for active testing).

What parameters do you use?

To perform the test I click on every app's link, but it is a little boring, and there's a risk of forgetting some link. 
Let alone a big one. 

How do you proceed to test your apps?

2- Issues Phase

Ratproxy reported some high risk issues, so I need to understand them in order to convince the developers.

I've found this link http://code.google.com/p/doctype/wiki/ArticlesXSS that explains many of the threats reported by ratproxy.

What approach do you use in order to convince the developers team about the risks exposed?


Is there any comparison between ratproxy and other pen test tools?

Do you prefer to talk in Spanish?

Thanks,
André

--- On Fri, 11/7/08, Alonso Caballero Quezada / ReYDeS <reydes () gmail com> wrote:
From: Alonso Caballero Quezada / ReYDeS <reydes () gmail com>
Subject: Re: ratproxy issues
To: security-basics () securityfocus com
Date: Friday, November 7, 2008, 8:35 AM

Greetings:

On Fri, Nov 7, 2008 at 7:16 AM,  <acastanheira2001 () yahoo com br> wrote:
Hi,

Does anybody use ratproxy in order to evaluate its web apps?

I'm using it now and would like to discuss the reported issues.

        
Yes. What do you want to know? What do you know?

Sincerely:

-- 
Alonso Caballero Quezada aka ReYDeS - ReYDeS () gmail com
GIAC Computer and Network Security Awareness (SSP-CNSA)
http://alonsocaballero.informatizate.net - LRU #307242
PeruSEC.org - informatizate.net - NoticiasTrujillo.com



      




