From blackbox to grey-box during Web App tests

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So  Fortify has this out - it's interesting, but I think it's not what
I want. Has anyone used it?

http://www.fortifysoftware.com/products/tracer/

I dunno why everyone gets so hung up on metrics when they should be
going for the jugular.

What I want is to use SPIKE Proxy and while I'm testing the web app
have every CreateProcess and SQL Statement fed to me and then have a
filter so I can look only at what I care about (and avoid spamming
their network too much - especially on busy sites).

Theoretically you could then write something that autodetected and
bypassed filters and automated getting you your SQL injection in the
first place. And you would have at least one eye in the land of the
blind SQL Injection.

It's probably more work to write this email than write up the code
using Immunity Debugger and SPIKE Proxy, so maybe I'll just go off and
do that.

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHC49wB8JNm+PA+iURAuZzAJ9FOIQ1NC3EABbOomT6DqeHButWLQCg4/jR
SkYWfY9IHtoli4QpCuEGqUU=
=TNSd
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave