Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler
- From: Sven Vetsch / Disenchant <sven.vetsch@xxxxxxxxxxxxx>
- Subject: Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler
- Date: Wed, 25 Jun 2008 10:43:52 +0200
Why haven't HP and the Web Security Research Group added this
functionality to an already existing SQL Injection Scanner? I'm not sure
about this but isn't there a big chance that developers or even
security people without deeper webappsec knowledge think that Scrawlr
can find all SQL Injections for them because behind it they'll find the
names HP and Microsoft? If this becomes the case, we'll have much bigger
problems than we actually have because, as already mentioned by Billy,
it's *not* a replacement for tools like Absinthe, etc. and so developers
will not find any form-based SQL Injections if they don't use other
scanners too.
Regards,
Sven
Hoffman, Billy wrote:
|
--
sent by Sven Vetsch / Disenchant
http://disenchant.ch