Dailydave mailing list archives

Re: bugs are bad.


From: Kevin Johnson <kjohnson () secureideas net>
Date: Mon, 31 Jul 2006 22:06:44 -0400

On Jul 31, 2006, at 4:17 PM, Dave Aitel wrote:
> I need to
> browse them, and then store and manipulate different data in a lot of
> different ways. I want to draw a circle around some blocks that
> represent queries and say "This is the login sequence - go do this a
> thousand times and tell me what the cookies are like, and while you're
> at it try every other query in this other group afterwards". Then I
> want to draw a circle around the "order a widget" sequence and say
> "try this in every possible order after logging in and let me know if
> anything weird happens". Essentially I think the whole idea of storing
> a site based on its "pages" is broken. GET /bob.php?method=login is
> very different from method=logout. Same "page", different code paths.
> But today's scanners can't help me. And I think this is because
> they're making tons of money rather than being useful to people who
> know what they're doing.
>
> -dave

Well, there is a small group of us that aren't making a ton of money and
are trying to work out this issue. It started as trying to automatically build a
default deny configuration generator for mod_security and has grown
a bit beyond that..... Wasn't sure if anyone else was interested...<grin>

Kevin
---------------------
BASE Project Lead
http://base.secureideas.net
The next step in IDS analysis!
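Added example (not code from Kevin's BASE/mod_security generator, and not Dave's): a small profiler that models a site the way Dave asks for, by code path rather than by page, and renders the result as a default-deny ModSecurity 2.x rule set of the kind Kevin describes. Everything here is assumed for illustration: requests arrive as plain "METHOD /path?query" strings, a single query parameter (DISCRIMINATOR, "method" as in Dave's /bob.php example) selects the code path within a page, and the sample traffic is constructed, not captured.

```python
"""Code-path profiler with a default-deny ModSecurity 2.x rule emitter (added example)."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Assumption: the parameter whose value picks the code path inside one "page".
DISCRIMINATOR = "method"

# Constructed sample traffic (not captured from any real site).
OBSERVED = [
    "GET /bob.php?method=login&user=alice&pass=x",
    "GET /bob.php?method=login&user=bob&pass=y",
    "GET /bob.php?method=logout",
    "POST /order.php?method=widget&qty=1&sku=W-7",
    "GET /index.html",
]


def code_path(request_line):
    """Map a request line to (path, discriminator value, set of argument names)."""
    _verb, target = request_line.split(" ", 1)
    parts = urlsplit(target)
    args = parse_qs(parts.query, keep_blank_values=True)
    disc = args.get(DISCRIMINATOR, [""])[0]
    return parts.path, disc, set(args)


def build_profile(lines):
    """Union of argument names seen per (path, discriminator value), i.e. per code path."""
    profile = defaultdict(set)
    for line in lines:
        path, disc, names = code_path(line)
        profile[(path, disc)] |= names
    return dict(profile)


def classify(profile, request_line):
    """Default deny: unknown page, unknown code path on a known page, or unknown argument."""
    path, disc, names = code_path(request_line)
    if not any(p == path for p, _ in profile):
        return "deny: unknown page"
    if (path, disc) not in profile:
        return "deny: unknown code path"
    extra = names - profile[(path, disc)]
    if extra:
        return "deny: unknown argument " + ",".join(sorted(extra))
    return "allow"


def emit_modsecurity(profile, first_id=100000):
    """Render the profile as ModSecurity 2.x rules.

    SecDefaultAction carries the phase and the disruptive action, so every rule
    only states what it matches; a chained rule denies only when all links match.
    """
    out = ["SecRuleEngine On", 'SecDefaultAction "phase:2,log,deny,status:403"']
    rid = first_id
    by_path = defaultdict(list)
    for (path, disc), names in sorted(profile.items()):
        by_path[path].append((disc, names))
    for path, branches in sorted(by_path.items()):
        for disc, names in branches:
            # Known code path: deny any argument name never seen on it.
            out.append(f'SecRule REQUEST_FILENAME "@streq {path}" "id:{rid},chain"')
            if disc:
                out.append(f'    SecRule ARGS:{DISCRIMINATOR} "@streq {disc}" "chain"')
            else:
                out.append(f'    SecRule &ARGS:{DISCRIMINATOR} "@eq 0" "chain"')
            if names:
                allowed = "|".join(re.escape(n) for n in sorted(names))
                out.append(f'    SecRule ARGS_NAMES "!@rx ^({allowed})$"')
            else:
                out.append('    SecRule &ARGS "!@eq 0"')
            rid += 1
        values = [d for d, _ in branches if d]
        if values:  # known page, discriminator value never observed
            alts = "|".join(re.escape(v) for v in values)
            out.append(f'SecRule REQUEST_FILENAME "@streq {path}" "id:{rid},chain"')
            out.append(f'    SecRule ARGS:{DISCRIMINATOR} "!@rx ^({alts})$"')
            rid += 1
        if values and len(values) == len(branches):  # discriminator was always present
            out.append(f'SecRule REQUEST_FILENAME "@streq {path}" "id:{rid},chain"')
            out.append(f'    SecRule &ARGS:{DISCRIMINATOR} "@eq 0"')
            rid += 1
    pages = "|".join(re.escape(p) for p in sorted(by_path))
    out.append(f'SecRule REQUEST_FILENAME "!@rx ^({pages})$" "id:{rid}"')
    return "\n".join(out)


if __name__ == "__main__":
    prof = build_profile(OBSERVED)
    for req in ("GET /bob.php?method=login&user=a&pass=b", "GET /bob.php?method=delete",
                "GET /bob.php?method=login&user=a&pass=b&admin=1", "GET /admin.php"):
        print(f"{classify(prof, req):32} {req}")
    print(emit_modsecurity(prof))
```

The profile key is (path, discriminator value), so /bob.php?method=login and /bob.php?method=logout get separate argument whitelists, which is the distinction Dave wants and which page-keyed scanners lose. The generated rules deny in three layers: an unseen page, a known page with an unseen discriminator value (or a missing one where it was always present), and a known code path carrying an argument name that was never observed on it; anything else falls through and is allowed. A profile built from a short crawl will underfit, so such a rule set should run in DetectionOnly until the logged denials stop being legitimate traffic.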



_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
