Re: Thought of the day: graphing web applications

[list () roseslabs com]

Hi Dave,

Foundstone has something along this lines (SiteScope), check it out...

And the tool I'm working on, Pantera Web Assessment Studio (WAS) will
incorporate this feature among other things :)

Simon Roses Femerling

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> So I use CANVAS as an attack platform for Web Application Assessments
> quite often. There are probably better specialized tools, but I like
> having everything in Python because each assessment is different and
> it's easy to add to CANVAS for me.
>
> In today's case, I'm looking at another large JSP application. Typical
> three tier stuff.
>
> What I want to do is browse the whole site, and then have another script
> go through my SPIKE Proxy saved request-and-response files and graph
> them. Pages with lots of forms on them or interesting text or variables
> could get graphed larger, and links can be drawn between forms that
> share the same data or lead to each other. And it'd be nice to cull and
> color the graph and say "I checked this variable - it's safe" or even
> tie it into the fuzzing mechanism. "Fuzz from this page to that page"
>
> Essentially I want WebAppNavi. Does anyone have anything similar ?
>
> - -dave
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (MingW32)
>
> iD8DBQFEs69ytehAhL0gheoRAsZNAJ4/fU8bDlPCGr3FUvWBFDr2TzunEgCbBIIV
> cMJkjbT/cOmdW9QD0Q3jJ1E=
> =D7o0
> -----END PGP SIGNATURE-----
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave