Re: [WEB SECURITY] Challenges faced by automated web application security assessment tools



bugtraq@xxxxxxxxxxxxxxx wrote:
> I have released a new document 'Challenges faced by automated web application security assessment tools' that a few of you may find interesting.
>
> URL:
> http://www.cgisecurity.com/articles/scannerchallenges.shtml
>
> Comments welcome.

Well done list. As one working on these scanners, all of these issues are daily challenges we face.


Script parsing mentions XML, but one thing app sec scanners are having to face now is additional protocols on top of HTTP, such as Web Services (SOAP). Many of the attacks are the same, but the delivery protocol is different, and the protocols themselves have issues to check for. I think these will become more of an issue as things continue and we start dealing with more "Web 2.0" features that utilize full-blown web services as their back ends.

--
Dan Kuykendall
Director of Engineering & Information Technologies
NT OBJECTives, Inc.
626|226|8620
www.ntobjectives.com


----------------------------------------------------------------------------
The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/


The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]