WebApp Sec mailing list archives
Re: Web Application Analysis Tools?
From: Martin Eiszner <martin () websec org>
Date: Thu, 12 Dec 2002 19:20:31 +0100
hi David,others, On Thu, 12 Dec 2002 12:50:27 -0500 "David Simcik" <dave () simcik com> wrote:
there (especially free/inexpensive ones) that will help with this? I suspect there aren't any "one size fits all" type solutions out there for this, but I have to try.
"desperado" is a small and highly configurable script for testing webapps for security-vulnerabilities .. the script compares webserver-responses to a so called "good request" with responses to "bad" requests (taken from a config-file). it is able to check for request-params,request-extra-path,request-headers ,request-method,request-content and request-querys by defining loops in config-files it is also possible to test for buffer-overflows Script: http://www.websec.at/tools/desperado_pl.html Demo-configfile: http://www.websec.at/tools/params-get.cfg nice day, mei -- mei () websec org http://www.websec.org tel: 0043 699 121772 37
Current thread:
- RE: Web Application Analysis Tools? Lars Troen (Dec 12)
- <Possible follow-ups>
- Web Application Analysis Tools? David Simcik (Dec 12)
- Re: Web Application Analysis Tools? Kevin Spett (Dec 12)
- Re: Web Application Analysis Tools? Jeff Williams @ Aspect (Dec 12)
- Re: Web Application Analysis Tools? Kevin Spett (Dec 12)
- Re: Web Application Analysis Tools? Martin Eiszner (Dec 12)
- Re: Web Application Analysis Tools? Kevin Spett (Dec 12)