WebApp Sec mailing list archives

RE: AJAX and Web application scanners


From: <thomas.jones () hushmail com>
Date: Tue, 28 Mar 2006 10:26:01 -0500

I think the real question you have to ask is why the performance of 
web app scanners is so bad on regular web apps and not worry about 
the bleeding edge of AJAX. If they are so bad (and they are, use 
Dinis Cruz's Sitegenerator tool with "crapscanner <choice>" if you 
want to see for yourself). Pretty reports are no indication of 
completeness...

http://owasp.net/forums/thread/428.aspx for Dinis's cool tool.


Hi,

I've been recently going around the web for a couple of 
challenges that AJAX faces. One thing that struck me was the web 
application scanners. I've seen a few vendors' (I don't want to mention 
any vendor or product name here) products that claim that they have 
JavaScript parsers and support for AJAX driven applications. My 
personal experience with these tools is that they could not fare 
well against apps that are heavily JavaScript driven, and with the 
introduction of AJAX based apps it's a case of uncertainty in 
choosing the right product (if at all there can be one which can 
progress in auditing AJAX applications). Do any of you have any 
insights or experiences on these tools against AJAX based apps?

Thanks
Rajesh


