Dailydave mailing list archives

Coverage and a recent paper by L. Suto


From: Dave Aitel <dave () immunityinc com>
Date: Mon, 15 Oct 2007 13:04:10 -0400

http://ha.ckers.org/files/CoverageOfWebAppScanners.pdf

He compared NTOSpider/Appscan/Webinspect - and NTOSpider "won".

Without the full vulnerability reports and the VM's of the vulnerable
apps, I'm not going to dwell on the comparison of tools, except to say
it's interesting, but I will say that all this focus on "code
coverage" is a bit strange. Vulnerabilities, like fish, tend to
cluster in particular places. Having 10% code coverage is perfectly ok
if it's the code that has the bugs. And you can't see race conditions
with code coverage tools.

Also, most of the value of instrumentation is that when built into
your attack tool you get a real-time human-usable view into the guts
of the application. This is why I don't think byte-code
instrumentation has huge advantages over just hooking Win32 API's. But
I don't have a byte-code parser yet either. :>

Speaking of race conditions, I'm happy to announce that Immunity has
+= Paul Starzetz (http://marc.info/?a=107032640300001&r=1&w=2).

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave