WebApp Sec mailing list archives
Re: no standards for webapp exploitation
From: Ingo Struck <ingo () ingostruck de>
Date: 2 Jul 2003 16:37:52 -0000
In-Reply-To: <Pine.LNX.4.44.0307020019361.2234-100000@felinemenace>

Hi...

# VulnXML and the whisker.dat (and all of libwhisker
# (whisker RIP)) are for testing purposes ONLY. they
# do not scale to enterprise level where APIs should
# be easy to work with and provide a high level
# interface to lower level scripting languages (like
# python, perl). variables should be extinct outside
# of module classes. the opensource web security community
# would benefit from a standardized way to exploit
# web applications, whether they are remote code execution,
# remote command execution, server and client injection,
# remote file reading (all of which are going to be covered
# in an independent project which seeks to build webapp
# exploit primitives provider on top of the websec class).
# feel free to send comments and code to me (nd () felinemenace org)

Well, in fact the intention of VulnXML is to be a description of application level vulnerabilities that is suited both for human reading and for direct execution of the attacks described within a record.

The only problem is that there is currently no working execution engine for the latest VulnXML description (VulnXML DTD 1.4). There is some script code around to execute older VulnXML records. It is planned to write at least a Java-based executor for VulnXML recs next.

Watch out for the VulnXML db announcement that follows soon.

Kind regards

Ingo Struck (OWASP)