Vulnerability Development mailing list archives
RE: Developerstore.com expose critical customer info
From: "Mark Curphey" <mark () curphey com>
Date: Sun, 13 Jan 2002 17:55:22 -0800
Nothing sinister, this really was just a case of bad timing. Sleuth was just a proof of concept and the brainchild of one person (Dave Zimmer). It was designed to be an interactive web browser that exposed some HTTP.

As things got underway at OWASP, we have determined we need (and been asked by the community) to build a more automated open source web application security testing tool that is cross platform. As such it is likely to be built in Java and will be able to test all issues identified in the OWASP ASAC project (http://www.owasp.org/projects/asac/), like canonicalization for instance. It will also support testing against the requirements project and will support the testing framework, projects both only just started. This is likely to be at least six months away.

To try and morph Sleuth into such a package would be like trying to convert a 4x4 into a sports car, so we all decided it would be best to keep Sleuth doing what it was designed to do and start from scratch with the new project so that we have a clean robust foundation to build upon.

Sleuth and the plugins are all back at Dave Zimmer's site (http://geocities.com/dzzie/sleuth).

-----Original Message-----
From: shawn merdinger [mailto:dinger () gslis utexas edu]
Sent: Sunday, January 13, 2002 5:40 PM
Cc: vuln-dev () securityfocus com; webappsec () securityfocus com
Subject: Re: Developerstore.com expose critical customer info

Looks like it's still on the Russian mirror:

<http://SecurityLab.ru/_Tools/websleuthInstaller-1.1.2.zip>

-scm

On Sat, 12 Jan 2002, Jeremiah Grossman wrote:
WebSleuth was removed from OWASP because of this incident? Can someone "in the know" shed some light on this and explain if there is any truth to this.... (how does one relate to the other?)

I did confirm the URL where WebSleuth was available from:

http://www.owasp.org/resources/tools/index.shtml

does indeed have it taken down... citing:

"This site is temporarily down for maintenance, please check back later"

Jeremiah Grossman

c c wrote:

It seems that the post caused some undesired effects (Websleuth removed from OWASP, etc.), I'm really sorry, it was not my intention.