Vulnerability Development mailing list archives
Re: Scanning Web Proxy -- Preliminary Concept
From: Ory Segal <ory.segal () SANCTUMINC COM>
Date: Sun, 17 Dec 2000 18:05:10 +0200
Hello Philip , After reading your preliminary concecpt , I thought my company should give it's own added value to this discussion. what you have described , to our luck - already exists , and it is called Appscan. Appscan is a web application vulnerability scanner , and it is capabale of doing most of the stuff you mentioned in your preliminary concept and much much more. Appscan's uniqueness is that it finds vulnerabilities that are site-specific , not like other web/CGI scanners which only know how to deal with pre-known bugs. it scans the web site , processing the forms , scripts and pages and finds each one it's own specific vulnerabilites. it is fully automatic, with manual tampering capabilities , and has comprehensive reporting features. I would suggest that anyone (!) who is interested in such a scanner -- (And judging by the number of vulnerabale web applications , scripts and other web related products that apear every day in Bugtraq , I would say there should be many developers/administrator/auditors interested) , go and visit our site at : http://www.sanctuminc.com -- Ory Segal Sanctum, Inc. http://www.SanctumInc.Com/ Ampa Bldg., 1 Sapir Street. Mail: P.O.Box 12047 Herzliya 46733, ISRAEL Tel: +972-9-9586077 Ext. 236 Fax: +972-9-9576337 Ory.Segal () SanctumInc Com
Current thread:
- Scanning Web Proxy -- Preliminary Concept Philip Stoev (Dec 15)
- Re: Scanning Web Proxy -- Preliminary Concept Bluefish (P.Magnusson) (Dec 17)
- Re: Scanning Web Proxy -- Preliminary Concept R. DuFresne (Dec 17)
- Re: Scanning Web Proxy -- Preliminary Concept Ory Segal (Dec 18)
- <Possible follow-ups>
- Re: Scanning Web Proxy -- Preliminary Concept Sahlberg, Jeremiah (Dec 20)